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EXECUTIVE  SUMMARY 

Modern  C4I  networks  utilized  by  the  military  are  increasingly  composed  of  commercial 
equipment  and  commercial  connectivity.  The  number  of  users  on  most  computer  networks  is  growing 
exponentially.  The  number  of  hubs  in  each  network  is  expanding  geometrically.  Within  this  explosive 
growth  is  the  inherent  problem  of  managing  and  measuring  these  expensive  assets.  Commercial 
networks  are  monitored  and  measured  to  meet  corporate  costing  goals  and  guidelines.  The  DoD 
networks  do  not  deliver  a  bill  directly  to  each  user,  but  seek  to  increase  reliability,  service  quality  and 
other  variables. 

This  thesis  is  a  case  study  of  the  network  management  and  metrics  measurement  program  of 
the  United  States  Special  Operations  Command's  (USSOCOM)  SCAMPI  (Not  an  Acronym)  Network. 
SCAMPI  is  the  principal  C4I  network  for  special  operations  forces.  It  covers  the  continental  United 
States  and  Hawaii,  and  has  deployable  nodes  in  overseas  locations.  It  was  at  the  time  of 
implementation  a  leading  edge  C4I  network  composed  of  optical  fiber  links  and  high  speed  hub 
switching  equipment.  It  also  had  a  later  installation  of  a  Network  Operations  Center  (NOC)  that 
conducts  the  network  management  and  metrics  measurements  for  the  network.  This  center  known  as 
the  Systems  Resource  Center  (SRC),  also  serves  in  the  classical  trouble  desk  mode  for  all  Automatic 
Data  Processing  (ADP)  related  problems.  The  SCAMPI  system  remains  a  robust  and  fully  functional 
network.  This  thesis  seeks  to  ensure  that  the  network  management  and  metrics  program  is  proactive 
and  allows  constant  improvements  in  service  to  the  special  operations  community. 

The  thesis  begins  with  an  introduction  to  the  SCAMPI  network.  This  serves  to  acquaint  any 
readers  outside  of  the  USSOCOM  community  with  the  fundamental  network  aspects  that  are  addressed 
in  the  study.   The  next  chapter  serves  as  a  network  management  summarization  from  many  industry 
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sources.  The  area  of  network  management  is  constantly  changing,  its  standards  are  fluid,  and  the 
obsolescence  cycle  found  in  the  computer  industry  is  amplified  by  the  change  in  all  levels  of  computer 
network  structure. 

This  thesis  also  seeks  to  consolidate  the  fundamentals  of  network  monitoring,  metrics 
collection,  configuration  control,  maintenance,  restoration,  and  accounting.  This  is  done  by  the  use  of 
tables  that  provide  more  of  a  checklist  approach  to  the  task  of  ascertaining  the  merits  of  a  planned 
acquisition  or  improvement.  This  also  provides  an  overview  of  the  primary  elements  found  in  most 
vendors  Network  Management  Systems  (NMSs).  These  sections  are  provided  to  enhance  the 
understanding  of  later  recommendations  and  solutions.  The  SCAMPI  system  is  analyzed  in  the  context 
of  what  network  management  andmetrics  functionality  is  present  and  utilized.  The  system  is  presented 
in  terms  of  industry-wide  terminology  and  practices. 

A  chapter  is  dedicated  to  the  analysis  of  current  NMS/metrics  measurement  limitations.  Six 
problem  areas  are  offered,  each  with  an  accompanying  solution.  The  problems  and  solutions  draw 
from  the  understanding  of  the  previous  industry  fundamentals  chapters.  The  implementation  of  these 
solutions  all  seek  to  increase  the  proactive  role  of  the  SRC  in  providing  enhanced  service  to  the  user. 

Following  the  recommendations  chapter  is  a  chapter  on  industry  trends  and  practices  that  most 
probably  will  have  an  impact  on  the  future  of  network  management.  These  areas  of  potential 
complications  to  the  network  management  problem  are  explained  in  the  context  of  the  technology  and 
the  possible  benefits  to  the  network  manager/user. 

In  the  interest  of  providing  a  single  source  document  for  the  network  manager/engineer/user 
several  appendixes  are  provided  with  network  management  references  and  bibliographies.  A  glossary 
of  networking  terminology  is  included.  A  summary  of  hypertext  documents  that  can  be  found  on  the 
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Internet  in  network  management  and  metrics  related  areas  is  provided. 
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I.  INTRODUCTION 

A.         MODERN  NETWORK  MANAGEMENT  ISSUES  AND  CONCEPTS 
1.  Network  Management  and  Metrics  Principles 

According  to  a  Forrester  Research  study,  the  average  5,000  user  corporate  network  costs 
more  than  $6.4  million  per  year  to  support.  The  increasing  reliance  on  computer  networks 
creates  an  accompanying  rising  support  and  management  cost.  This  reliance  also  creates  costs 
when  a  company  faces  a  downtime  on  the  network.  Industry  averages  show  this  cost  to  be 
approximately  $62,500  per  hour  of  potential  lost  revenue.  [REF  1] 

Network  monitoring  has  evolved  from  the  tools  and  techniques  that  helped  manage 
Local  Area  Networks  (LAN's)  to  the  large  scale  Network  Operations  Centers  (NOC's)  that  can 
oversee  thousands  of  nodes.  Within  this  evolution,  there  have  been  many  obstacles  to  the 
network  administrators.  Topologies  of  networks  change  rapidly  due  to  the  exponential  growth 
of  computer  networks  in  the  work  place.  Reliance  on  numerous  manufacturers  of  computer 
network  equipment  to  produce  compatible  equipment,  while  the  standards  of  networking  are 
constantly  changing,  has  caused  many  difficulties. 

The  C4I  for  the  Warrior  (C4DFTW)  concept  that  currently  guides  the  military's  adoption 
of  information  technologies  integrates  commercial  and  military  networks,  and  a  mixture  of 
system  components  to  achieve  connectivity.  The  provision  of  vastly  increased  access  to 
information  at  all  echelons  is  made  possible  by  the  use  of  modem  high  speed  computer 
networks.  This  overarching  doctrine  has  placed  the  procurement  and  deployment  of  computer 
networks  into  the  mainstream  of  industry  driven  standards  and  procedures.  [Ref.  2]    The  DoD 


no  longer  sets  its  own  unique  standards  and  drives  the  market  by  volume  purchases. 

The  interoperability,  capacity,  cost,  security,  and  availability  issues  must  constantly 
be  addressed  in  all  phases  of  a  network's  lifespan.  In  the  design  phases,  acquisition  and  initial 
production,  the  issues  of  network  management  are  usually  secondary  to  the  cost,  capacity  and 
production  factors.  Once  a  modern  network  is  operational,  the  issues  of  network  management 
and  measurement  of  system  resources  through  a  dedicated  metrics  program  becomes  a  higher 
priority.  The  establishment  and  management  of  such  a  program  require  the  understanding  of 
the  interaction  of  the  technological  aspects  of  the  network,  the  user  requirements  and  the 
capabilities  and  limitations  of  a  management  system. 

Once  a  network  is  operational,  its  status  does  not  remain  fixed.  The  normal  growth 
curve  of  users  in  modern  computer  networks  has  been  exponential.  The  bandwidth  allocated 
to  these  users  is  usually  a  limited  commodity  and  must  be  analyzed  in  the  context  of  usage  and 
future  growth. 

Network  monitoring  and  management  is  difficult.  Numerous  variables  and  factors  must 
be  considered  in  the  management  plan.  Differences  in  protocols,  hardware  variability  and 
interoperability,  incompatible  operating  systems,  bandwidth  allocations,  and  security 
requirements  force  a  network  manager  to  tailor  plans  that  while  operational  today  can  be 
essentially  dis-functional  with  any  new  additions  or  technology  changes. 

2.  Fiscal  Responsibilities  of  Network  Management 

The  fiscal  responsibility  incumbent  upon  today's  modem  military  manager  requires  the 
most  effective  use  of  resources  balanced  against  military  necessity.  Network  management 
systems  allow  the  planning,  measurement  and  monitoring  of  expensive  network  resources.  The 


predominance  of  commercial  circuits  that  have  a  monthly  lease  fee  based  on  bandwidth  and 
service  guarantees  necessitates  monitoring.  The  measurement  of  usage  and  performance  to 
insure  the  service  customer  is  getting  what  was  paid  for,  and  to  wisely  determine  future 
requirements  necessitates  a  usable  and  responsive  metrics  program. 

A  network  in  operation  is  a  dynamic  and  chaotic  process.  The  measurement  of  many 
diverse  parameters  are  necessary  to  get  a  full  picture  of  the  state  of  the  network.  An  example: 
Measurement  of  simple  bandwidth  allocations  to  individual  users  will  only  reflect  problems 
when  the  users  approach  full  capacity  of  their  allocation.  Unless  a  network  is  analyzed  to  see 
who  and  what  is  producing  the  flow  of  traffic  and  how  it  is  managed  and  transported  in  terms 
of  the  dynamics  of  the  network,  much  of  the  future  growth  indicators  can  be  missed.  Trend 
analysis  and  traffic  studies  give  a  good  historical  perspective,  but  reflect  only  the  past  usage  of 
the  network.  Networks  that  are  constantly  growing,  subject  to  rapid  ramp-ups  of  activity  in 
crisis  situations,  and  not  adequately  monitored  face  potential  complications. 

A  network  consists  of  many  dissimilar  and  technologically  complex  parts.  The 
interaction  of  complex  switching  mechanisms  and  high  speed  conduits  strives  for  a  seamless 
and  transparent  system  for  the  user.  If  a  malfunction  does  occur,  the  priority  on  rerouting, 
and/or  circuit  restoration  is  high.  The  cost  of  impeded  informational  flow,  while  hard  to 
directly  account  for  in  dollar  amounts,  is  a  serious  cost  to  modem  organizations.  The  ability 
of  a  network  management  system  to  alleviate  any  system  outages  increases  the  efficiency  and 
value  of  the  network.  The  further  down  into  a  network  an  automated  system  can  detect  and 
help  repair  assets  the  more  cost  savings  can  be  achieved.  Pro-active  measures  can  often  detect 
and  repair  network  slowdowns  or  outages  prior  to  customer  notice. 


3.  Requirements  for  Modern  Technology  Concepts 

Computer  network  management  techniques  have  evolved  with  the  explosive  growth  and 
proliferation  of  networks.  The  original  equipment  for  network  management  was  vendor 
specific  and  addressed  the  maintenance  and  management  of  a  single  or  set  of  similar  pieces  of 
network  equipment.  The  original  LAN  monitoring  devices,  capable  of  monitoring  small  scale 
operations  within  a  segment  of  a  network  have  grown  to  systems  that  can  monitor  devices  on 
a  world  wide  scale.  The  ability  of  a  device  to  determine  the  status  and  operational  capability 
of  any  of  a  multitude  of  network  components  has  required  years  of  industry  attempts  at 
standardization,  compatibility  and  internetworking  protocols.  This  evolutionary  effort  is  still 
in  an  early  stage.  The  industry  is  still  maturing  and  with  every  new  technological  achievement, 
the  obsolescence  of  existing  standards  is  not  only  possible,  but  probable. 

The  "ever  -  elusive"  state  of  the  art  in  network  management  and  metrics  measurement 
requires  the  use  of  several  modem  computer  technology  concepts.  These  concepts  include 
standardized  and  specialized  network  management  protocols,  and  agent  programs  residing  in 
managed  network  elements  to  perform  delegated  remote  tasks.  In  addition  the  formal 
techniques  of  hierarchical  naming  and  syntactical  definition  of  communicated  variables  allow 
structured  management  functionality  to  exist  at  all  network  levels. 
B.  OBJECTIVE  OF  THESIS 

1.  Examination  of  SCAMPI  System  Metrics  Program 

The  objective  of  this  thesis  is  to  examine  a  modem  CI  network,  the  USSOCOM 
SCAMPI,  (not  an  acronym),  network,  in  terms  of  Network  Management  and  Metrics.  The 
analysis  of. the  existing  Network  Management  and  Metrics  program  in  terms  of  procedures, 


protocols,  and  metrics  implementation  will  be  undertaken.  In  addition  to  the  basic  examination 
of  the  system,  the  consolidation  of  industry  practices  that  form  the  basis  of  network 
management  and  metrics  application  will  be  presented  to  gauge  the  performance  criteria 
present  in  the  existing  SCAMPI  system.  This  review  will  also  serve  as  a  condensed  reference 
for  anyone  needing  a  quick  survey  on  modem  network  management  practices. 

2.  Recommendations  For  Improvements  In  The  Metrics  Program 

Upon  completion  of  this  examination  of  the  SCAMPI  network,  recommendations  will 
be  offered  in  terms  of  metrics  program  improvements  and  future  network  management 
innovations.  It  is  hoped  that  this  study  will  serve  as  a  basis  for  further  improvement  of  the 
metrics  and  network  management  process  in  this  and  similar  DoD  networks. 

C.  SCOPE,  LIMITATIONS  AND  ASSUMPTIONS 

The  scope  of  this  investigation  is  limited  to  the  USSOCOM  SCAMPI  C4I  network  but 
will  have  applicability  in  any  modem  C4I  network.  The  resulting  metrics  definitions,  findings 
and  recommendations  will  be  delivered  to  USSOCOM  upon  thesis  completion. 

D.  ORGANIZATION  OF  THESIS 

This  thesis  is  organized  into  six  chapters.  This  chapter  provides  basic  introduction, 
objectives,  scopes  and  limitations  of  the  work  to  be  performed.  Chapter  II  provides  an 
introduction  to  the  USSOCOM  SCAMPI  Network.  Chapter  HI  condenses  into  table  form  an 
industry  wide  survey  of  Network  Management  and  Metrics.  This  chapter  can  serve  as  a  check 
list  for  functionality  on  network  management  systems.  Chapter  TV  covers  the  metrics 
implementation  of  the  SCAMPI  network.  Chapter  V  provides  initial  recommendations  and 
implementation  for  a  pro-active  metrics  plan  for  USSOCOM.     It  examines  metrics  limitations 


and  network  management  shortfalls  as  currently  configured,  with  recommendations  for  a  pro- 
active metrics  plan.  It  will  discuss  implementation  and  system  requirements.  Chapter  VI 
explores  the  implications  of  near  term  technology  innovations  on  network  management  and 
metrics  and  examines  the  basis  for  further  research  areas. 

Appendices  are  provided  to  expand  certain  networking  management  concepts  and  to 
provide  more  detailed  definitions  of  terms  and  concepts.  In  addition  resources  that  are  directly 
related  to  the  topic  but  not  cited  in  the  reference  section  are  listed.  Network  fluent  readers  will 
have  less  need  of  these  than  those  readers  new  to  network  management  and  metrics.  Appendix 
A  provides  USSOCOM  Traffic  study  examples  cited  in  the  thesis.  Appendix  B  provides 
additional  and  amplified  network  definitions.  Appendix  C  provides  a  comprehensive 
bibliography  of  modern  network  reference  sources.  Appendix  D  provides  hyper-text  links  to 
network  management/metrics  sites  that  are  government  and  industry  representative. 


II.  USSOCOM  SCAMPI  NETWORK  ARCHITECTURE 

A.         SCAMPI  SYSTEM  DESCRIPTION 

A  brief  overview  of  the  SCAMPI  telecommunications  network  is  provided  for  those  not 
familiar  with  the  system.  This  description  will  acquaint  the  reader  about  those  network  features 
relevant  to  this  examination  of  Network  Management  and  Metrics  measurement  issues.  For 
those  readers  familiar  with  SCAMPI,  this  chapter  can  be  skimmed  or  skipped  entirely. 

Special  operations  forces  (SOF)  have  unique  missions  that  include  direct  action, 
strategic  reconnaissance,  unconventional  warfare,  foreign  internal  defense,  and  counter 
terrorism.  The  execution  of  these  missions  often  requires  communications  and  intelligence 
systems  support  that  is  distinctly  different  from  that  required  by  conventional  forces.  [Ref.  4] 

SCAMPI ,  is  a  communications  system  that  was  created  to  allow  dissemination  of  C4I 
information  between  the  United  States  Special  Operations  Command  (USSOCOM),  its 
components  and  their  major  subordinate  units,  and  selected  Government  agencies  and  activities 
directly  associated  with  the  special  operations  community.  [Ref.  8] 

The  SCAMPI  network  provides  gateway  service  for  the  special  operations  community 
to  external  DoD  classified  voice,  data  and  video  teleconferencing  (VTC)  systems. 
Transmission  of  data  between  nodes  of  the  SCAMPI  system  is  over  Defense  Information 
Technology  Contracts  Office  (DITCO)  leased  Tl  and  fractional  Tl  (FT1)  lines.  SCAMPI 
carries  collateral  and  sensitive  compartmented  voice,  data  and  VTC  information.  [Ref.  11,  17] 

All  information  sent  over  the  leased  lines  is  fully  secured  using  one  or  two  levels  of 
encryption.     The  embeddable  KG-84  COMSEC  Module  (KTV-7)  provides  the  encryption 


mechanism  for  the  network.  [Ref.  15]  No  Multiple  Level  Security  issues  are  covered  in  the 
context  of  this  thesis.  The  issues  of  security  as  related  to  Network  Management  are  reviewed 
in  the  functionality  sections. 

Numerous  systems  and  applications  ride  on  the  SCAMPI  network.  HQ  USSOCOM, 
USSOCOM  component  forces,  and  the  USSOCOM  Washington  Office  LANs  are  connected  by 
SCAMPI  to  form  a  command  LAN.  SCAMPI  provides  connectivity  for  the  SOCRATES, 
METOC  and  other  special  operations  analysis  tools  used  by  the  SOF  community.  [Ref.  4,  10] 
B.  SCAMPI  NETWORK  TOPOLOGY 

1.  Basic  Informational  Flow  Topology 

Figure  2-1  shows  the  basic  network  information  flow  topology  for  a  single  connection 
using  the  SCAMPI  system  and  the  gateway  terminals  [After  Ref.  17].  Components  of  the 
topology  are  explained  in  the  following  paragraphs. 

Ground  Entry  stations  provide  an  interface  for  the  SCAMPI  network  to  allow  an 
overseas  extension  of  the  information  available  on  the  basic  network.  These  entry  stations  are 
primarily  commercially  manufactured  satellite  terminals  that  exist  at  DISN  Terrestrial  Gateway 
sites.  The  deployable  SHF  Tri-band  Satellite  Terminals  that  allow  SCAMPI  to  have  inter- 
connectivity  on  a  world-wide  basis  operate  on  the  C,  X,  and  Ku  band  operational  frequencies. 
The  deployable  packages  include  downsized  electrical  equivalent  replacements  for  the  20-foot 
Quick  Reaction  Satellite  Antenna.  [Ref.  15]  Defense  Satellite  Communications  System 
provides  the  satellite  channels  necessary  to  relay  the  SCAMPI  network  to  deployable  nodes. 
The  DSCS  SHF  SATCOM  space  segment  consists  of  DSCS  II  and  m  satellite  constellations 
with  coverage  areas  ranging  from  75  degrees  North  to  75  degrees  south.  [Ref.  4] 
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Figure  2-1  Basic  SCAMPI  Configuration 

The  ability  to  rapidly  link  the  deployed  SOF  contingent  with  the  connectivity  and 
functionality  of  the  SCAMPI  network  allows  interoperability  on  a  world-wide  basis.  The 
deployable  SCAMPI  nodes  share  the  inter-connectivity  of  all  other  CONUS  based  nodes  and 
the  basis  for  network  management  and  metrics  still  exists  in  this  deployed  status. 

Figure  2-2  shows  a  notional  diagram  of  the  SCAMPI  network.  [After  Ref  17]  It  is 
provided  to  illustrate  the  types  of  internetwork  connectivity,  bandwidth,  and  nodal  relationships 
that  exist  in  the  CONUS  and  deployed  SCAMPI  network.  No  geographical  attributes  of  the 
system  are  labeled  but  the  reader  should  understand  that  the  system  covers  SOF  organizations 
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Figure  2-2  SCAMPI  Hub  Topology,  Notional 
on  both  coasts  and  multiple  sites  in  the  Southeast. 

This  network  is  specifically  tailored  to  cover  the  special  operations  missions  and 
support  functions.     SCAMPI  is  currently  extended  to  over  35  organizations  in  the  SOF 
community,  and  will  be  available  for  use  by  a  Joint  Task  Force  (J  IF)  and  a  JSOFT,  as  well  as 
the  special  operator.  [Ref.  17] 
C.         SYSTEMS  READINESS  CENTER  (SRC)  IMPLEMENTATION 

The  SRC  serves  as  the  Network  Operations  Center  (NOC)  equivalent  in  commercial 
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industry  terminology.  The  SRC  is  located  at  the  USSOCOM  headquarters  but  allows 
management  functionality  to  exist  for  the  entire  network,  including  pre-deployment  checkouts 
on  deployable  SCAMPI  Nodes.  The  SRC  serves  in  the  capacity  of  a  24  hour  trouble  desk 
facility.  Any  network  or  computer  related  problem  can  be  referred  to  the  center.  Help 
operators,  in  addition  to  being  able  to  answer  questions  on  common  workplace  applications,  can 
take  information  about  a  system  malfunction  and  enter  it  into  the  tracking  system.  [Ref.  1 7] 
D.         SCAMPI  NETWORK  MANAGEMENT  SYSTEM  (NMS) 

The  SCAMPI  SRC  uses  two  NMS's,  Network  Equipment  Technologies  (NET)  Open 
5000  and  the  Hewlett  Packard  Openview.  The  NET  Open  5000  is  used  to  monitor  the 
functionality  of  the  IDNX  90's  and  other  NET  equipment.  The  HP  Openview  is  primarily  used 
to  examine  other  elements  of  the  SCAMPI  network.  The  HP  Openview  is  also  extended  by  a 
third  party  application,  Transcend®,  which  allows  an  enhanced  examination  and  management 
of  3COM  products.  The  ability  to  view  graphical  representations  of  a  device  and  allow 
"virtual"  manipulation  of  the  network  device  such  as  allowed  in  Transcend  is  a  feature  common 
in  modem  network  management  tools.  [Ref.  6,7,17] 
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III.  NETWORK  MANAGEMENT  AND  METRICS 

A.         NETWORK  MANAGEMENT  OVERVIEW 

This  chapter  summarizes  volumes  of  industry  terminology  and  practices.  The  intent  is 
to  acquaint  the  reader  with  the  fundamentals  necessary  to  understand  the  problems  and 
proposed  solutions  for  network  management  and  metrics  implementation.  The  tables  provided 
in  this  thesis  will  hopefully  allow  more  of  a  checklist  approach  to  be  undertaken  to  measure  the 
functionality  present  in  any  network  management  system  that  is  being  proposed  or  reviewed 
for  completeness. 

The  industry  practices  that  are  condensed  into  table  form  are  not  present  in  all  network 
management  systems.  Vendors  emphasize  different  aspects  and  approaches  to  this  very 
difficult  problem.  Vendors  that  produce  network  components  structure  their  network 
management  systems  to  favor  and  support  aspects  present  in  their  components. 

The  networks  management  and  metrics  measurement  systems  are  constantly  evolving 
so  this  is  just  a  snapshot  of  the  state  of  the  art  at  the  time  of  writing.  HyperText  links  to 
industry  sources  and  network  management/metrics  sites  are  compiled  and  presented  in 
Appendix  D.  The  review  of  these  and  other  online  links  by  administrators  and  network 
engineers  on  a  periodic  basis  is  recommended  to  preclude  the  "18  month  technological 
obsolescence  cycle"  which  is  even  more  pertinent  to  this  field. 

1.  Network  Management  Systems  (NMS's) 

Network  Management  Systems  in  their  simplest  forms  provide  the  basis  for:  network 
monitoring -metrics  collection,  configuration  control,  maintenance,  accounting,  and  restoration 
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[Ref.  9].  The  basic  purpose  of  network  management  is  to  automate  the  processes  of  monitoring 
and  adjusting  the  performance  of  a  network,  as  well  as  providing  reports  and  measurements 
(metrics)  of  network  activity.  NMS's  exist  in  differing  degrees  of  complexity  and 
sophistication.  The  amount  of  network  management  present  in  a  network  is  usually  dictated 
by  several  factors,  including  policy  and  budget.  A  large  network  is  not  always  indicative  of 
network  management  presence.  Several  large  universities  were  examined  in  the  course  of 
research  for  this  thesis  and  neither  had  any  structured  management  system  in  place. 

2.  NMS  Functional  Management  Areas 

Tables  3-1  through  3-5  provide  a  reduction  to  tabular  reference  form,  and  facilitates 
a  quick  cross  reference  of  each  of  the  NMS  functional  management  areas.  These  functions  exist 
in  differing  degrees  in  different  vendor  packages.  Different  divisions  and  definitions  of  these 
functional  areas  exist  with  different  vendors.  The  division  presented  here  attempts  to  survey 
the  field  and  include  functionality  from  many  different  areas.  [Ref.  21,22,23,24,25,26]  Each 
table  will  have  amplifying  remarks  following.  All  tables  are  organized  into  functionality  areas 
on  the  left  with  representative  and  illustrative  industry  examples  on  the  right. 

The  elements  of  the  functional  management  area  can  be  overlapping  into  several  areas. 
For  example,  measures  that  can  determine  performance  management  can  also  be  related  to 
those  in  the  fault  management  and  restoration  areas.  The  adaptation  of  measures  in  one  area 
may  also  have  unintended  interactions  in  another.  Examples  might  include:  Security  measures 
may  slow  performance,  and  fault  management  may  occur  at  the  expense  of  network  throughput. 
The  network  engineer  and  administrator  needs  to  consider  the  ramifications  of  such  policies. 

Table  3-1  details  the  elements  and  tasks  performed  in  performance  management. 
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PERFORMANCE  MANAGEMENT 

Gather  performance  data  on  those  variables 
of  interest 

Allows  automated,  selective  collection, 
retrieval,  storage  and  manipulation  of  data 
Metrics  can  then  be  generated  for 
management  decisions  or  automated 
network  restoration 

NMS  should  be  able  to  monitor,  analyze 
and  generate  user  defined  reports  on  the 
metrics  selected  for  use 

Analyze  the  data  to  determine  normal 
(baseline)  levels 

Benchmark  levels  are  determined  from 
normalized  operational  measurements  and 
calculations  on  selected  parameters 

Determine  performance  thresholds  for  each 
variable 

Allows  establishment  of  alarms  to  - 
alert/assist  Network  Operations  Center 
(NOC)  operators  when  values  depart  from 
preset  thresholds 

Simulation 

Determine  performance  measures  given 
differing  configurations,  routings, 
equipment  line-ups,  degradations 

Tasks  performed  by  performance 
management: 

Monitoring  and  measurement  of  quality  of 
service  (QoS)  parameters,  detection  of 
performance  bottlenecks,  QoS  reporting, 
performance  and  capacity  planning. 

Table  3-1  Performance  Management 
Performance  management  exists  in  several  categories.  Depending  on  the  monitored 
devices  this  can  be  as  simple  as  determination  of  the  status  of  the  interconnecting  links  or  as 
complex  as  advanced  metrics.  Advanced  performance  management  can  also  enable  pro-active 
methods.  An  often  cited  example  of  pro-active  performance  management  methodology  is 
network  simulation.  Network  simulation  can  be  used  to  project  how  network  growth  or  changes 
in  operational  tempo  will  affect  performance  metrics.    Network  management  packages  can 
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include  this  feature  as  a  standard  application  or  allow  the  use  of  a  "plug-in"  simulation  package. 
Analysis  of  growth  and  its  impact  on  an  existing  network  can  be  one  of  the  most  beneficial 
byproducts  of  simulation.  Projected  growth  patterns  observed  by  metrics  can  be  applied  to 
"what  if  scenarios  to  analyze  the  performance  of  the  network  under  projected  growth  factors. 

Networks  that  are  subject  to  greatly  varying  traffic  loads,  such  as  a  military  network, 
can  use  simulation  to  model  and  validate  system  capacity.  Contingency  planning  and 
operations  can  stress  a  network's  capacity  compared  to  the  relatively  low  level  of  day  to  day 
support  functions.  The  ability  to  project  the  impact  of  a  loss  of  a  node  in  a  battle  or  crisis 
situation  is  also  an  aspect  that  simulation  can  provide  the  military  planner. 

Table  3-2  details  the  asset/configuration  management  area: 


ASSET/CONFIGURATION  MANAGEMENT 

Monitor  network  and  software 
configuration  information 

Tracking  of  existing  network  elements  and 
their  software  licensing/application 
loadouts  for  ADP  compliance 
Storage  of  all  address  and  management 
information  databases  necessary  to 
maintain,  restore,  or  reconfigure  the 
network 

Autodiscovery 

The  ability  to  discover  and  map  new 
additions  to  the  enterprise  network 
(within  community  string  limitations) 

Password  protection  (of  NMS) 

Prevent  unauthorized  changes  to 
configuration 

Tasks 

Automatic  documentation  of  configuration, 
resource  configuration,  remote 
configuration,  administration  of  network 
history,  initialization  and  monitoring  of 
configuration  operations. 

Table  3-2  Asset/Configuration  Management 
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A  network  consists  of  a  number  of  resources  that  have  to  operate  in  a  certain  manner. 
Configuration  management  will  combine  and  adapt  resources  in  order  to  supply  the  requested 
system  performance.  Network  configuration  changes  can  have  positive  or  detrimental  effects 
on  the  performance,  stability  and  availability  of  network  assets.  Derived  metrics  most  always 
require  the  knowledge  of  numbers  of  users  and  allocated  resources.  Changes  in  network 
configurations  that  are  not  known  to  the  metric  process  can  produce  very  misleading  metrics. 

Network  configurations  can  be  maintained  in  configuration  profiles.  This  type  of 
structured  approach  allows  a  simplification  in  the  deployment  and  evolution  of  facilities.  An 
organization  can  utilize  the  system  to  facilitate  software  and  firmware  distributions  as  well  as 
synchronizing  the  automated  setup  of  network  devices. 

Auto-discovery  is  a  feature  that  allows  the  system  to  constantly  monitor  and  detect  the 
presence  of  new  assets  from  their  internetwork  communications.  Generally  auto-discovery  is 
limited  in  its'  search  function  by  the  community  strings  that  are  given  it.   These  community 
strings  are  the  "names"  of  the  network  segment  that  the  NMS  has  selected  for  monitoring. 
[Ref.  9] 

In  commercial  networks  the  asset/configuration  management  area  provides  the 
inventory  and  financial  management  of  the  network's  equipment,  facilities  and  software.  The 
management  area  can  compute  the  associated  location,  costs,  vendors  and  warranty 
information.  The  support  in  computing  costing  of  existing  network  elements  and  planning  for 
future  asset  acquisition  is  enabled  with  this  functionality. 

Table  3-3  illustrates  the  accounting  management  areas  and  tasks: 
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ACCOUNTING  MANAGEMENT 

Usage  patterns 

Determines  where  the  traffic  handled  on 
the  network  is  originated  and  in  what 
quantities. 

Usage  quotas 

Determines  overages  and  underutilization 

of  circuits  to  allow  optimum  fiscal  and 
operational  management 

Resource  utilization 

Allows  economic  and  performance  analysis 
of  existing  circuits 

Tasks 

Monitoring  of  accounting  data,  handling  of 
accounts,  assignment  of  costs  to  accounts, 
supervision  of  quotas,  accounting  statistics 

Table  3-3  Accounting  Management 

The  primary  purpose  of  accounting  management,  is  to  measure  network  utilization  so 
that  users  of  the  network  get  their  allocated  service.  The  first  step  toward  appropriate 
accounting  management  is  to  measure  utilization  of  all  important  network  resources.  In  a  non- 
billed  network,  where  users  don't  pay  directly  for  their  usage,  the  use  of  accounting 
management  is  best  suited  to  ensuring  optimal  resource  utilization. 

Usage  patterns  and  resource  utilization  require  the  ability  to  monitor  origination  and 
destination  headings  of  traffic.  Without  revealing  any  of  the  content  of  the  message  the  system 
needs  to  be  able  to  track  originations  and  successful  deliveries  of  data.  [Ref.  1] 

Fault  management  is  delineated  in  Table  3-4: 
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FAULT  MANAGEMENT 

Detect,  log,  automatically  fix  (to  extent 
possible) 

The  ability  to  execute  pro-active  network 

restoration  routines 

Restoration  routines  often  scripted  and 

automated 

Monitor  activity  and  changes  in  network 

Issue  real-time  alarms  to  NOC's 
Log  all  faults  and  alarms 
Test  connectivity  of  all  devices 

Tasks 

Monitoring  of  network  status,  reception 
and  computation  of  alarms,  fault 
diagnostics,  initialization  and  monitoring 
of  fault  recovery,  user  support 

Table  3-4  Fault  Management 

The  primary  aim  of  Fault  Management  is  to  detect,  log  and  automatically  restore 
network  service.  The  ability  to  pro-actively  and  automatically  reroute  traffic  based  on  a 
predetermined,  controlled  algorithm  allows  the  least  amount  of  down  time  or  delay  to  a 
network  user.  If  a  system  has  suffered  a  catastrophic  failure  of  major  nodes  the  system  may 
have  to  revert  to  a  scripted  restart  of  major  components.  If  the  system  does  not  have  fully 
automated  re-route  capability  the  system  should  give  the  operator  assistance  in  manual 
restoration. 

An  increasingly  used  function  of  fault  management  is  in  the  area  of  reliability  analysis. 
[Ref  24]  While  the  NMS  can  be  used  in  the  troubleshooting  and  restoration  mode,  the  analysis 
of  the  reliability  characteristics  of  components  ensures  better  system  operation  through 
prediction.  This  ability  to  conduct  analysis  places  the  system  in  more  of  a  proactive  mode  that 
allows  a  higher  quality  of  service  to  be  achieved. 
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Fault  management  also  overlaps  the  area  of  testing  connectivity  of  the  network.  The 
metrics  dealing  with  connectivity  include  the  measures  of  availability  of  network  interfaces, 
transmission  characteristics  such  as  transit  time  and  delay,  as  well  as  the  detection  of  error 
creating  malfunctions. 

Security  management  is  outlined  in  table  3-5: 


SECURITY  MANAGEMENT 

Monitor  access  points 

Primarily  in  unclassified  networks  but 
applicable  in  classified  systems  when 
using  external  networks 

Identify  sensitive  network  resources 

Identification  of  threat  potentials  and  the 
pro-active  utilization  of  redundancy  and 
automatic  backup  routines 

Tasks 

Access  control,  encryption  of  data, 
authentication,  operation  of  security  tasks 

Table  3-5  Security  Management 

The  primary  purpose  of  the  security  management  functionality  is  to  provide  for  the 
definition,  maintenance,  application  and  enforcement  of  an  organizations  security  policy. 
[Ref.  25]  This  should  occur  across  the  network,  regardless  of  technologies  or  infrastructures. 
This  becomes  increasingly  important  as  private  networks  are  interfaced  to  external  networks. 
The  requirement  to  interface  with  the  Internet  and  the  SIPRNET  adds  complexity  to  the 
security  management  requirements  of  an  organization. 

In  encrypted  and  closed  networks  this  function  is  not  generally  handled  the  same  as  in 
un-encrypted  networks  that  deal  with  internetwork  connections.  If  however,  a  linkage  to  an 
outside  network  is  enabled,  additional  security  issues  must  be  addressed  and  ensured. 

Multiple  Level  Security  implementation  is  currently  a  difficult  problem  for  most  DoD 
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networks.  Pending  technological  advances  and  incorporation  of  the  chosen  solution,  this 
problem  remains  unsolved.  Multiple  level  security  issues  are  not  addressed  in  this  thesis  in  the 
context  of  network  management. 

Table  3-6  provides  an  initial  look  at  types  of  monitored  events  that  can  be  handled  by 
a  network  management  system.  [Ref.  5,  9,  25]  These  events  can  be  the  basis  for  metrics 
measurements  and  can  provide  troubleshooting  aids  to  the  NOC  engineers. 


TYPES  OF  MONITORED  EVENTS: 

Number  and  state  of  its  virtual  circuits 

This  type  of  event  includes  auto-discovery 
related  topology  corrections. 
If  GUI  MMI  present  will  be  presented  in 
topological  format 

Number  of  certain  kinds  of  error  messages 
received 

Packet  error  messages, 

Number  of  bytes  and  packets  in  and  out  of 
device 

Typically  from  routers  and  node  switches 

Maximum  output  queue  length  (for  routers 
and  other  internetworking  devices) 

Queued  responses  or  trap  messages 

Broadcast  messages  sent  and  received 

Error  messages  based  on  predetermined 
events  or  levels 

Network  Interfaces  going  down  and 
coming  up 

Can  be  trap  messages  or  reboot  messages 
from  switches 

Table  3-6  Types  of  Monitored  Events 
3.  NMS  Attribute  Characterization 

Table  3-7  summarizes  many  of  the  industry  wide  characteristics  of  NMS's  at  the  time 
of  writing.  [Ref.  21,22,23,24,25,26]  These  are  generic  and  non-vendor  specific  unless  noted. 
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ATTRIBUTES  OF  TYPICAL  NMS's: 

Able  to  monitor  large  numbers  and  types  of 
network  devices: 

Routers,  hubs,  concentrators,  switches, 
servers,  PC's,  printers,  etc. 
Increasingly  any  device  connected  to  the 
network 

Scalable 

1000,    5,000     10,0000+  are  typical  values 
for  the  number  of  network  elements  (devices) 
able  to  be  monitored  and  managed 
NMS  Packages  usually  have  pricing  structures 
based  on  scalability  limits 

Enterprise-wide  monitoring 

Able  to  cover  entire  network  and  interfaces  to 

other  services 

Helps  distinguish  who  has  the  outage  -  Internal 

or  External  to  a  network 

WAN  coverage  with  LAN  probe  functionality 

Use  the  IP-based  SNMP  Protocol  and  RMON 
extensions  to  monitor  most  types  of  network 
elements 

If  not  using  SNMP  will  use  CMIP  or  SNA  or 
similar  standards. 

Non-vendor  specific 

Allows  a  single  NMS  to  service  an  entire  non- 
homogenous  network 
May  require  3rd  Party  plug-ins  to  monitor 
some  devices 

Provide  a  platform  on  which  third  party 
applications  for  the  monitoring  of  specific 
devices  can  be  run 

Example  3COM  Products  -  Transcend 

Runs  under  UNIX  or  NT,  and  can  be  extended 
so  that  locally  developed  and  commercial 
server  processes  can  be  monitored 

Typically  on  a  Work  Station,  with  dedicated 
usage  and  sufficient  hardware  and  memory 
resources 

Allow  an  operator  to  use  graphical  tools  to  do 
ad  hoc  inquiries  about  the  state  of  devices  on 
the  network 

As  in  HP  Openview  and  Transcend 

Table  3-7  Attributes  of  Typical  NMS's 

These  baseline  functional  attributes  are  typically  included  in  most  NMS  packages  with 
additional  options  and  vendor  specific  plug-in  packages  available. 
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A  consolidated  table  of  NMS  functionality  is  provided  in  Table  3-8.  [Ref.  25,  27] 


Management  Function 

Description 

Object  Management 

Create,  delete,  examine,  and  update 
objects;  report  that  such  manipulations 
have  taken  place. 

State  Management 

Monitor  object's  management  states;  report 
when  these  states  are  changed. 

Relationship  Management 

Establish,  monitor,  and  view  the 
relationships  among  objects.  May  also 
include  the  auto-discovery  capability  to 
discern  new  additions  to  a  network. 

Alarm  Reporting 

Provide  notice  of  and  information  about 
faults,  errors  or  other  network 
abnormalities. 

Event  Reporting 

Select  events  to  be  reported;  specify  the 
destination  of  reporting.  Distributed 
management  levels  may  require  multiple 
reporting  destinations. 

Security  Alarm  Reporting 

Provides  notice  of  security  alarms  set  by: 
improper  procedures,  illegal  entry 
attempts,  can  include  physical  entry  if  tied 
into  the  network  reporting. 

Security  Audit  Trail 

Provides  ability  to  reconstruct  events  and 
procedures  that  were  used  in  a  improper  or 
illegal  entry  attempt  or  measure 

Log  Control 

Handles  event  logs,  log  events,  and  allows 
creation  of  new  logs. 

Access  Control 

Controls  access  to  networks,  applications, 
and  data 

Table  3-8  Consoli dated  NMS  Functionality 
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B.  NMS  STRUCTURES 

1.  Managed  Objects 

Network  management  models  are  built  around  managed  objects,  which  are  any  network 
elements  that  can  be  used  or  monitored.  These  models  generally  specify  the  kinds  of  attributes 
managed  objects  must  have  and  the  kinds  of  functions  associated  with  them.  A  network 
management  configuration  generally  involves  a  managing  process,  which  runs  on  a  managing 
station.  The  managing  process  collects  performance  and  other  data  about  the  network  or  about 
particular  nodes  on  the  network.  This  information  is  actually  gathered  by  managing  agents, 
which  are  programs  that  monitor  workstations,  PC's,  printers,  or  any  other  network  device,  and 
that  can  report  this  information  to  a  managing  process.  The  details  of  this  monitoring  and 
reporting  process  help  distinguish  different  network  management  models.  [Ref.  9] 

Network  management  is  generally  implemented  as  a  high-level  application,  so  that  the 
management  software  uses  well-established  protocol  suites,  such  as  the  TCP/IP  protocols,  to 
do  its  work  and  to  move  its  information  around.  Various  models  have  been  proposed  for 
network  management.  The  two  most  comprehensive  proposals  are  the  models  developed  for  the 
Internet  Protocol  (IP,  or  TCP/IP)  and  for  the  ISO's  seven-layer  OSI  (Open  Systems 
Interconnection)  model.  In  addition,  major  network  management  packages  still  rely  on 
mainframe-based  management  models,  such  as  those  developed  by  IBM,  DEC,  and  AT&T. 
[Ref.  9]    A  typical  NMS  system  is  shown  in  Figure  3-1 . 

This  figure  shows  a  typical  first  generation  NMS  enhanced  by  a  proxy  server.  [After 
Ref.  9,21]  The  functionality  shown  is  purposeful  to  match  the  studied  NMS  in  this  thesis. 
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Typical  Network  Management  Architecture 
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Figure  3-1  Typical  Network  Management  Architecture 
2.  Network  Management  Station  Software 

The  network  management  capabilities  are  usually  implemented  in  software.  The 
management  tools  may  be  specialized  (for  example,  collecting  just  performance  data)  or 
comprehensive.  Tools  must  have  monitoring,  reporting,  and  analysis  capabilities.  Those  tools 
that  will  serve  as  managing  processes  as  the  control  programs  for  the  network  management  also 
need  control  capabilities.  In  general  the  management  models  do  not  specify  the  details  of  how 
these  capabilities  are  to  be  implemented.  For  example,  programs  may  report  data  in  text  or 
graphics  form. 

Programs  will  also  differ  in  their  monitoring  capabilities.  The  tools  may  be  designed 
for  Local  Area  Network  (LAN)  or  Wide  Area  Network  (WAN)  management  or  both.  Although 
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many  of  the  tasks  are  the  same  for  managing  both  LANs  and  WANs,  there  are  some  important 
differences,  mainly  with  respect  to  reporting  and  timing.  Management  tools  that  are  designed 
to  manage  both  LANs  and  WANs  are  sometimes  known  as  Super  Managers,  and  they  are  part 
of  even  more  comprehensive  architectures. 

An  agent  is  a  software  process  (daemon)  running  in  a  remote  device.  It  is  an  embedded 
process  which  monitors  the  activity  of  the  device's  interfaces  and  stores  all  the  information  that 
is  monitored  into  system  memory  that  can  not  be  cleared  until  the  device  is  re-powered.  The 
information  that  is  gathered  is  placed  into  registers  that  correspond  to  variables  of  interest  to 
the  SNMP  process.  Each  device  in  the  network  has  a  separate  and  distinct  set  of  management 
information.  [Ref  9] 

An  agent  is  hosted  by  the  device  and  is  dependent  upon  the  device  being  operational 
and  functional  to  allow  communication  back  to  the  NMS.  SNMP  agents  monitor  the  desired 
objects  in  their  environment,  package  this  information  in  the  appropriate  manner,  and  ship  it 
to  the  management  station,  either  immediately  or  upon  request. 

In  addition  to  packets  for  processing  requests  and  moving  packets  in  and  out  of  a  node, 
the  SNMP  includes  traps.  A  trap  is  a  special  packet  that  is  sent  from  an  agent  to  a  station  to 
indicate  that  something  unusual  has  occurred.  This  information  follows  a  predetermined  format 
and  procedural  occurrence.  [Ref.  9] 

3.  NMS  Protocols 

Network  management  protocols  are  usually  either,  the  SNMP  of  the  Internet  Protocol 
Suite  (TCP/IP)  widely  used  in  data  networks,  or  the  ISO  CMTP  for  use  in  public 
telecommunications  networks.  [Ref.  9]  The  protocol  that  is  applicable  to  this  study  and  thesis 
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is  the  SNMP  and  any  extensions  of  the  basic  protocol. 

4.  Management  Information  Base  (MIB) 

The  data  communicated  between  the  Network  Management  System  (NMS)  and  the 
managed  entity  (agent)  are  formally  defined  as  object  classes  in  a  Management  Information 
Base  (MIB)  or  Management  Information  Tree  (MIT).  The  format  is  the  Abstract  Syntax 
Notation  -  1  (ASN.  1)  and  is  encoded  for  transport  using  the  Basic  Encoding  Rules  (BER). 

The  implementation  of  the  agent  is  dependent  on  the  device  in  which  the  agent  will 
reside.  The  vendor  of  the  device  usually  is  responsible  for  any  implementation  of  Network 
Management  functionality.  As  long  as  implementation  of  the  agent  is  compatible  with  the 
standard  protocol,  MIB  or  MIT  definition  and  encoding  conventions  the  agent  will  be 
manageable  by  the  NMS.  [Ref.  24] 

Open  applications  and  extensible  agents  need  not  be  written  in  the  same  language. 
While  NMS  applications  are  "open"  and  can  be  modified  for  increased  functionality  and 
extended  to  manage  more  agents,  the  agents  are  usually  closed  systems  and  generally  cannot 
be  modified.  If  an  entity  is  modifiable,  the  amount  of  system  assets  available  to  management 
functionality  usually  is  very  small.  Many  managed  entities  lack  the  ability  to  be  directly 
managed  in  either  the  SNMP  environment. 

5.  Remote  Monitoring  (RMON) 

Devices  that  traditionally  have  been  employed  to  study  the  traffic  on  the  network  are 
referred  to  as  network  analyzers,  or  probes.  These  monitors  operate  in  a  "promiscuous"  mode, 
viewing  every  packet  in  the  circuit  to  be  analyzed.  These  devices  can  be  located  in  any  type 
of  network,  with  the  location  determining  the  level  at  which  they  monitor.  PC's  with  a  RMON 
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program  can  monitor  LAN  activity.    Routers  can  have  RMON  probes  attached  or  have 
imbedded  functionality.  [Ref.  24] 

The  monitor  produces  summary  information,  including  error  statistics,  such  as  counts 
of  undersized  or  oversized  packets  and  number  of  collisions.  Performance  statistics,  such  as 
number  of  packets  delivered  per  second  and  packet  size  distributions  can  be  determined  by  this 
form  of  monitoring.  There  are  many  metrics  that  are  unattainable  without  the  presence  of  a 
RMON  device.  The  misplaced  concern  for  security  of  traffic  has  caused  many  a  manager  to 
not  be  able  to  adequately  configure  probes  in  the  network.  The  address  headers  of  packets,  not 
the  content  of  the  message,  is  what  is  important  to  read  and  measure. 

6.  Network  Management  Standards 

Networks  are  very  heterogenous  in  composition.  Multiple  vendors  coupled  with  only 
Requests  for  Comment  (RFC)'s  for  industry  "standardization"  allows  a  wide  variance  in  the 
implementation  of  network  functionality.  In  the  area  of  network  management  implementation 
this  variance  reflects  industry  trends.  Technological  changes  produce  legacy  elements  that 
while  still  useful  for  task  production  may  not  communicate  well  with  newer  management 
systems.  The  constant  moving  target  of  industry  standardization  has  produced  several  versions 
of  each  standard.  SNMP  is  currently  SNMP  v.2,  MEB  is  currently  MTB  II,  etc.  Each  new 
manufacturing  cycle  institutes  current  standards  but  may  not  include  backwards  compatibility 
for  all  functions.  [Ref.  9] 
C.         METRICS 

1.  Metrics  Functionality 

The  ability  to  collect  metrics,  or  measurements  of  network  performance,  exists  through 
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the  Network  Management  System's  (NMS)  functionality.  Each  element  of  the  network,  that 
has  network  management  functionality  embedded  in  it  in  any  form,  is  capable  of  storing  and 
reporting  events  that  when  processed  and  analyzed  can  produce  metrics.  These  metrics  are 
dependent  upon  the  ability  of  the  NMS  to  provide  tasking  as  to  what  is  to  be  collected,  what  is 
reported,  when  is  it  reported  and  what  aggregate  of  time  does  each  reporting  period  cover. 
[Ref .  2 1  ]  Without  a  managed  plan  of  metrics  measurement  most  organizations  are  limited  to 
simply  measuring  the  availability  of  circuits  and  possibly  their  allocated  bandwidths. 

Any  network  element  that  is  not  SNMP  functional  may  have  metrics  gathered  on  it  by 
a  related  or  close  proximity  element  that  is  operational.  An  example  of  this  would  be  in  a  LAN 
in  which  not  every  device  contains  an  agent  but  the  server  serves  as  an"  intelligent  agent"  and 
reports  on  all  the  devices  in  a  LAN  sub-segment.  Distributed  management  functionality  such 
as  this  instance  is  not  always  present  in  some  Network  Management  implementations  but  rather 
have  only  a  single  station  that  polls  all  elements. 

Metrics  also  have  to  tailored  to  the  management  objective.  The  simple  flow  of  traffic 
through  a  network  element  will  produce  any  set  of  management  statistics  that  are  requested. 
If  the  statistics  measured,  recorded,  stored  and  then  forwarded  do  not  match  the  management 
objective  the  effort  is  wasted.  [Ref.  9,  21]  The  NMS  and  metrics  process  also  adds  to  the  total 
network  traffic.  The  aim  of  most  systems  is  to  make  this  process  very  transparent  and 
insignificant  in  terms  of  network  statistics. 

The  ability  to  accomplish  all  metrics  functionality  does  not  exist  in  the  SNMP  or  CMIP 
protocols.  Vendors  have  been  producing  extensions  that  seek  to  better  measure  functionality 
of  their  devices  and  applications  [Ref.  24].    Any  structured  metrics  program  will  have  to  make 
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decisions  on  the  management  objectives,  the  implementation  structures  and  strategies,  and  the 
cost  basis  of  this  effort.  The  levels  of  management  reporting  and  the  detail  of  information 
required  directly  impact  the  overall  metrics  schema.  Metrics  are  measurements  of  a  process. 
The  concept  of  metrics  encompasses  all  industries  and  professions.  Metrics  will  be  used  in  this 
thesis  to  mean  a  measure  of  a  network  process. 

2.  Types  of  Metrics 

In  industry  practices,  two  types  of  metrics  are  generally  categorized  and  defined: 
formal  and  empirical  [Ref  1  ].    Each  will  be  examined  in  the  context  of  network  management. 

A  Formal  Metric  is  one  that  views  a  component  in  terms  of  its  abstract,  mathematical 
properties.  In  terms  of  a  network  this  would  emphasize  viewing  network  properties  in 
analytical  terms.  Two  examples  of  a  formal  metric: 

a)  Bandwidth  of  a  physical  link: 

A  links  maximum  data-carrying  capacity,  measured  in  bits  per  second. 

b)  Buffer  size  of  a  router: 

How  many  bytes  the  router  has  available  for  buffering  queued  packets.  In  practice  this 
might  be  specific  to  the  outgoing  interface,  or  it  might  be  shared  between  the  different 
interfaces,  or  it  might  be  different  for  different  flows  or  types  of  flows.  These  differences  are 
crucial,  and  illustrate  some  of  the  difficulties  of  devising  well-defined  formal  metrics. 

Empirical  metrics  correspond  to  properties  that  are  generally  too  complex  to  discuss 
analytically  but  are  still  very  important  for  practical  measurement.  These  metrics  are  generally 
defined  directly  in  terms  of  a  measurement  methodology.  When  confronted  with  complex 
systems  measurement,  many  measurement  communities  have  used  the  benchmark  approach, 
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in  which  some  standardized  applications  are  used  to  stress  a  system,  and  the  system's 
performance  in  executing  the  benchmark  is  then  used  as  a  metric  for  how  well  the  system 
performs  in  general. 

3.  Network  Metrics  in  Commercial  Networks 

The  general  usage  of  metrics  measurements  in  commercial  networks  divides  the 
measurements  into  four  categories:  1)  Utilization  metrics,  2)  Performance  metrics,  3) 
Availability  metrics,  and  4)  Stability  metrics.  [Ref.  9,  24] 

Table  3-9  shows  representative  metrics  categories  that  are  found  in  commercial 
network  management/metrics  packages.  This  is  a  collection  of  metrics  examples  and  does  not 
directly  correspond  to  any  given  vendor. 


Metric  Category 

Metric  examples: 

Utilization 

-  Total  input  and  output  packets  and            octets 

-  Various  Peak  metrics 

-  Per  protocol  and  per  application  metrics 

Performance 

-  RTT  metrics  on  different  protocol  layers 

-  Numbers  of  collisions  on  a  bus  network 

-  Number  of  ICMP  Source  Quench 
messages 

-  Number  of  packets  dropped 

Availability 

-  Line  availability  as  percentage  of  uptime 

-  Route  availability 

-  Application  availability 

Stability 

-  Number  of  fast  line  status  transitions 

-  Number  of  fast  route  changes  (route 
flapping) 

-  Short  term  ICMP  behavior 

-  Next  hop  count  stability 

Table  3-9  Metrics  Categories 
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IV.  SCAMPI  METRICS  IMPLEMENTATION 

A.  SCAMPI  METRICS  DESCRIPTION 

The  SRC  serves  the  NOC  role  in  the  SCAMPI  Network.  The  metrics  program  that  has 
been  implemented  tracks  what  would  be  broadly  termed  in  industry  as  performance  metrics. 
These  metrics  are  utilized  to  fulfill  troubleshooting  and  management  functions. 

The  data  to  verify  performance  metrics  at  USSOCOM  is  gathered  at  the  Systems 
Resource  Center  (SRC)  [Ref.  6].  Performance  metrics  are  divided  into  two  main  categories: 
system  metrics  and  circuit  metrics.  The  SCAMPI  system  metrics  include  Mean  Time  Between 
Failures  (MTBF),  Mean  Time  to  Repair  (MTTR),  bandwidth  utilization  and  system  availability. 
[Ref.  7,17] 

This  performance  metric  measurement  is  utilized  to  ensure  contract  compliance  by  the 
long  haul  carrier  network  provider.  The  performance  measurement  of  the  Tl  and  fractional 
Tl's  (FT1)  is  conducted  in  the  SRC  using  the  Integrated  Digital  eXchange  (IDNX)  Network 
Management  System  (NMS)  5000  which  monitors  the  IDNX  90's  located  at  principal  hubs. 
All  contracted  Tl's  are  provisioned  for  extended  superframe  format  (ESF)  and  Binary  8  Zero 
Substitution  (B8ZS)  coding.  ESF  allows  the  government  and  the  contractor  a  nonintrusive 
monitoring  capability  that  is  used  to  measure  the  link  and  node  performance  of  the  SCAMPI 
network.  [Ref.  8] 

B.  PERFORMANCE  METRICS 

This  summary  illustrates  the  nodal  metrics  measured  on  SCAMPI.  These  tables  borrow 
heavily  on  the  early  work  of  the  MITRE  and  GTE  representatives  on  staff  at  USSOCOM  and 
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are  recreated  to  give  an  understanding  of  the  current  methodology  utilized  for  metrics 
calculations  by  SCAMPI  engineers.  The  metrics  found  in  these  tables  do  not  necessarily  match 
the  industry  definitions  given  in  the  previous  chapter  but  do  provide  a  structured  basis  for 
measuring  the  network.  [Ref.  6] 

Table  4-1  provides  the  metrics  applied  against  the  network  to  determine  Mean  Time  To 
Repair  (Mi  IK)  and  Mean  Time  Between  Failures  (MTBF).  These  metrics  are  measured  and 
derived  by  tracking  the  Tl  and  FT1  circuit  statuses.  Human  observation  and  consultation  is 
present  on  the  determination  of  times. 


Metric 

SCAMPI  Standard 

Routine  Nodes  MTTR  -  (Hours) 

Vi   hour   at  manned  sites   during  normal 

working  hours 

4  hours  at  manned  sites  after  normal  working 

hours 

Critical  Nodes  MTTR  -  (Hours) 

14  hour  24  hours/day 

All  Sites  MTBF  -  (Hours) 

280  hours 

All  Sites  Availability 

98% 

Table  4-1  SCAMPI  Nodal  Metrics 

Table  4-2  examines  the  SCAMPI  Circuit  Performance  Metrics  including  circuit 
availability,  bit  error  rate  (BER),  errored  seconds  and  severely  errored  seconds.  These 
parameters  come  from  the  monitoring  of  contractual  compliance  of  the  long  haul  carrier.  The 
basis  for  these  metrics  includes  human  observations  and  resolutions  of  fault  during  outages. 
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Metric 

SCAMPI  Standard 

Availability 

99.95%  (operational  efficiency) 

BER 

1  x  lO"7  (Contractually  10"6) 

Errored  Seconds 

Fewer  than  8%  of  one-second  intervals  to 
have  any  errors.  (Equivalent  to  92%  error 
free  seconds) 

Severely  Errored  Seconds 

Fewer  than  0.2%  of  one-second  intervals  to 
have  a  BER  worse  than  1  x  1 07 

Table  4-2  SCAMPI  Circuit  Metrics 


Circuit  Availability  Metrics  are  presented  in  Table  4-3. 


Metric 

Data  Source 

Calculation 

SCAMPI 
Standard 

Notes 

Circuit/System 

CSU  (Primary) 

[uptime/(uptime 

99% 

O&M 

Availability 

NMS-5000 

+  downtime)]  x 

contractor 

(alternate) 

100% 

calculates  and 

provides  info  to 

SRC.  Outage 

responsibility 

assigned  by 

SRC. 

BER 

NMS-5000 

No.  of  errored 

10"7CONUS 

Predetermined 

BER  Report 

bits 

Total  No.  of 

bits 

10-6OCONUS 

NMS-5000 
Report,  SRC 

SLIP 

NMS-5000 

Internal  to 

Not  specified 

Predetermined 

Trunk  Frame 

NMS-5000 

NMS-5000 

Slip  Report 

Report,  SRC 

Table  4-3  Circuit  Availability  Metrics 
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C.  DERIVED  METRICS 

The  derived  metric  measurement  and  calculation  is  divided  into  the  areas  of:  load 
forecast  and  Grade-of-Service  (GOS). 

Derived  metrics  are  determined  by  analysis  of  network  operational  data.  This  process 
requires  interpretation  of  collected  data.  They  are  derived  from  network  usage  statistics  and 
information  obtained  from  Integrated  Digital  Network  eXchange  (EDNX)  and  HP  Open  View 
LAN  manager  software. 

1.  Load  Forecast 

Load  forecast  is  based  on  the  current  SCAMPI  user  demand.  Bandwidth  allocation  is 
set  for  each  user.  Load  forecast  trend  data  is  used  to  proj  ect  growth  requirements.  An  example 
of  load  forecast  is  shown  in  Appendix  A. 

2.  Grade-Of-Service  (GOS): 

GOS  is  divided  in  to  voice  and  data  subcategories,  and  is  based  on  available  service. 

D.  TRAFFIC  STUDIES  AT  USSOCOM 

Appendix  A.  contains  representative  traffic  studies  at  USSOCOM.  The  one  that  are 
included  are  purposely  aged,  not  specific  to  any  real  world  crisis  and  respective  of  the  limits 
of  the  USSOCOM  SCAMPI  classification  guide. 

The  inclusion  of  the  studies  is  to  illustrate  the  state  of  the  art,  the  existing  basis  of 
metrics  and  to  offer  and  illustrate  recommendations  based  on  selected  examples.  Further 
reference  to  the  studies  in  the  recommendations  chapter  will  be  used  to  illustrate  limitations. 
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V.    CURRENT  NMS/METRICS  LIMITATIONS 

A.         STATE  OF  THE  ART  NETWORK  MANAGEMENT  PROBLEMS 

The  inherent  problem  with  any  assessment  of  a  system  is  that  while  it  was  state  of  the 
art  or  ahead  of  the  art  at  the  time  of  installation,  time  and  industry  strides  can  bypass  its 
treasured  status.  The  USSOCOM  SCAMPI  Network  remains  a  highly  reliable,  efficient 
network  in  its  present  form.  The  design  and  utilization  of  Tl  capable  fiber  optics  and  reliable 
high  speed  hub  switching  systems  has  allowed  the  QoS  and  design  parameters  to  be  met  and 
maintained. 

The  recommendations  offered  here  are  intended  to  solicit  improvements  and  changes 
to  maintain  its  preeminent  role  in  serving  the  SOF  community.  Each  problem  will  be  stated 
and  then  a  proposed  solution  will  be  offered.  These  problem/solution  sets  are  just  a  starting 
point  and  will  require  investigation  into  the  implementation  of  each  in  the  context  of  the  total 
management  of  the  network.  As  with  most  aspects  of  network  management,  Solutions  that  are 
offered  have  interactions  and  cannot,  be  considered  separately. 

The  recommendations  are  then  consolidated  and  placed  into  table  format.  The  table 
form  shows  interactions  of  the  recommendations  and  implementation  factors.  It  is  followed  by 
an  assessment  of  the  recommendations  and  the  functional  management  areas  covered  earlier 
in  the  thesis.  This  form  was  chosen  to  maintain  the  consolidation  "checklist"  approach  adopted 
in  the  industry  survey  section. 
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B.  PROBLEM  1  AND  RECOMMENDATION 

1.  Problem:  Centrally  managed  NMS  topology,  inability  to  adequately  poll 
from  central  point  without  overloading  system. 

In  USSOCOM,  the  NMS  is  centralized  and  all  functionality  exists  in  very  few 
workstations.  This  is  the  normal  topology  of  early  network  monitoring  systems.  The  scalability 
of  the  SCAMPI  network  has  followed  the  normal  exponential  growth  curve  thus  aggravating 
the  centralized  network  management/measurement  approach. 

The  polling  rate  and  the  large  number  of  individual  SNMP  capable  devices  in  a  growing 
network  will  generally  preclude  the  utilization  of  a  single  or  small  number  of  workstations  to 
adequately  poll  and  collect  responses  from  a  single  location  [Ref.  23,25].  If  there  are 
thousands  of  devices  on  the  network,  the  percentage  of  traffic  related  to  just  insuring  network 
presence  can  become  unacceptably  large.  Polling  rates  of  the  SCAMPI  network  have  been 
purposely  held  low  through  programming  and  most  SNMP  calls  to  devices  reflect  the  SRC's 
role  in  troubleshooting  [Ref.  6]. 

Reliability  and  redundancy  issues  in  a  high  priority  network  could  also  lead  to  the 
question  of:  "Why  a  single  point  failure  of  the  SRC  could  allow  critical  network  management 
functionality  to  go  unaccomplished?"  This  issue  coupled  with  the  offered  solution  seeks  to 
eliminate  that  possibility. 

2.  Solution:  Distributed  managerial  presence  in  the  form  of  CVS  at  each  major 
Node  to  encompass  the  LAN/WAN  management. 

The  requirement  to  segment  the  network  and  distribute  the  managerial  functions  seems 

necessary.   The  industry  trend  of  Client-Server  distribution  of  data  base  servers  can  form  the 

basis  of  this-  type  of  functional  distribution.  By  distributing  servers,  the  workstation  doing  the 
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polling  can  be  topologically  closer  to  the  devices  which  it  manages.  This  reduces  traffic, 
particularly  traffic  through  WAN  Tl  lines  from  and  back  to  the  SRC.  Multiple  small  servers 
will  generate  less  traffic  overall  than  a  single  workstation  polling  all  stations  from  a  great 
distance.  Each  server  will  contain  the  network  information,  MEB's,  RMON  Tables  for  each 
network  section  in  it's  cognizance. 

The  primary  argument  against  such  a  measure  as  this  is  that  it  will  have  costs  associated 
with  the  allocation  of  servers  and  programming  to  perform  this  function.  The  cost  differential 
of  having  this  monitoring  function  performed  on  a  distributed  basis  on  existing  assets,  with  a 
higher  degree  of  network  monitoring  being  possible  offsets  the  implementation  cost. 

The  ability  to  transparently  view  and  navigate  the  distributed  servers  from  either  the 
SRC  or  an  alternate  viewing  point  seems  very  beneficial.  Two  looks  at  a  single  failure  can  give 
the  SRC  a  better  idea  of  the  real  solution.  This  functionality  in  the  monitoring  of  Tl  line 
availability  is  done  with  personnel  at  key  nodes  and  the  benefits  of  dual  looks  is  demonstrated 
there.  Another  aspect  of  distributed  servers  is  the  aspect  of  network  restoration.  In  a  centrally 
structured  NMS  system  any  scripted,  or  manual,  network  restoration  effort  will  be  essentially 
sequential  and  incurs  the  wait  time  for  processing  serial  events. 

LAN  managers  present  in  the  distributed  nodes  of  the  USSOCOM  network  do  many 
similar  functions  to  the  distributed  C/S  described  in  this  solution.  The  ability  to  examine  this 
data  in  the  performance  of  WAN  network  management  seems  not  to  have  been  exploited  thus 
far.  A  C/S  distributed  system  should  help  facilitate  the  incorporation  of  LAN  specific 
measurements  into  the  overall  NMS  plan. 
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C.         PROBLEM  2  AND  RECOMMENDATIONS 

1.  Problem:  SNMP/RMON  Limitations,  inability  to  adequately  measure 
network  devices  for  baseline  performance. 

SNMP  provides  details  about  network  devices  with  an  SNMP  agent— a  router  interface, 
for  example~but  it  won't  produce  any  data  about  other  devices  on  the  network,  such  as  the  end 
nodes  that  communicate  over  that  router  interface.  Even  if  every  device  you  wanted  to  monitor 
had  SNMP,  it  would  be  impractical  to  poll  them  all  to  correlate  data  and  extend  your  baseline's 
reach.  SNMP  is  quite  effective  for  configuring  and  managing  devices,  but  it  doesn't  generate 
the  high  level  of  performance  detail  that  good  traffic  base-lining  requires.  [Ref.  21] 

SNMP  depends  on  polling  of  network  devices  to  determine  the  content  of  network 
management  data.  RMON  presents  a  standard  way  to  gather  performance  data  from  LAN 
devices  and  reduce  SNMP  polling  [Ref  9].  But  it  has  several  drawbacks:  it's  LAN-centric;  it 
provides  only  Media  Access  Control  (MAC)-layer  information;  and  it  can't  correlate  traffic  to 
expose  end-node  conversations,  or  tell  which  applications  are  generating  the  traffic. 

RMON  version  2  addresses  some  of  these  limitations  but  unfortunately  remains 
LAN-centric.  It's  also  very  processor-intensive,  driving  up  the  per-managed-segment  cost  of 
RMON  probe  [Ref.  9].  As  a  result,  the  WAN  continues  to  be  a  "black  hole"  in  terms  of  ability 
to  be  measured  and  managed.  To  remedy  this,  many  vendors  manufacture  WAN  probes  that 
use  proprietary  RMON  management  information  base  (MEB)  extensions  to  track  WAN 
utilization,  errors  and  other  critical  statistics.  [Ref.  23,24,25,26]  Since  we  don't  have  a  standard 
MIB  to  assess  these  functions,  this  becomes  a  sensible  approach. 

2.  Solution:  SNMP/RMON  Probes  And  WAN  Network  Monitoring 
RMON  probes  cost  money.    Lack  of  probes  cost  money  and  create  inefficiencies.  The 
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decision  becomes  whether  the  network  will  or  won't  be  monitored  to  produce  proactive 
measures  that  insure  better  service  for  the  user.  There  are  usable,  viable  industry  utilized 
metrics  of  performance  that  currently  can  not  be  measured  or  analyzed  at  USSOCOM.  The 
current  system  cannot  be  modified  with  just  software  packages  to  provide  this  functionality. 

In  a  similar  effort  to  this  recommendation,  the  JWID  97  network  evaluation  and 
assessment  effort  includes  some  elements  of  this  type  of  monitoring.  Their  plan  uses  RMON 
probes  to  analyze  some  content  of  the  traffic  being  passed  on  selected  high  speed  networks  that 
interconnect  the  JWID  demonstration  systems  [Ref.  28].  This  recognition  that  the  content 
analysis  of  traffic,  as  to  the  applications,  protocols,  and  mixtures  of  traffic  is  fundamental  to  the 
accomplishment  of  effective  network  measurement  and  management  provides  further  impetus 
to  include  this  solution. 
D.         PROBLEM  3  AND  RECOMMENDATIONS 

1.  Problem:  Non-Monitoring  of  Traffic  as  to  analysis  of  application,  protocol 

The  monitoring  of  application  and  protocol  related  traffic  indicators  can  reveal 
problems  that  otherwise  can  go  undetected.  Examples  of  this  could  include:  protocol 
mismatches,  incorrect  routes,  broadcast  storms  and  even  some  low  level  denial  of  service 
attacks. 

A  normal  question  to  the  network  manager  as  to  what  percentage  of  traffic  during  an 
event  was  related  to  a  certain  user,  set  of  grouped  users,  certain  protocol  or  application  can  be 
exceedingly  difficult  if  the  system  lacks  this  ability.  While  systems  were  originally  set  up  to 
handle  telephone  calls  and  "data,"  the  mixing  of  content  and  changes  in  the  way  information 
is  being  generated  and  handled  has  changed  the  percentages  of  traffic  content. 
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See  Appendix  A  examples  1-6.  These  traffic  study  examples  are  representative  of 
USSOCOM  network  loads.  Some  circuits  have  very  dynamic  and  widely  varying  loads  while 
others  have  allocated  bandwidth  and  low  usage.  What  is  happening  when  the  traffic  load  peaks 
or  bottoms  out?  Is  there  a  network  related  malfunction  occurring?  Is  there  a  contributing  factor 
such  as  a  protocol  mismatch?  Is  this  circuit  fulfilling  the  task  for  which  the  bandwidth 
allocation  has  been  slotted?  Unfortunately  there  is  no  current  methodology  in  place  to  answer 
these  questions.  These  questions  and  any  associated  metrics  are  essentially  unattainable. 
2.  Solution:  Institute  application  and  protocol  monitoring  capability 

The  monitoring  of  the  traffic  application  and  protocol  layers  does  not  have  be  a  full 
time,  full  enterprise-wide  function.  The  required  assets  and  monitoring  equipments  are  initially 
best  dedicated  to  problem  areas  and  to  proactive  discovery  of  potential  problems.  New 
segments  of  a  network  could  have  dedicated  testing  in  the  initial  "bum-in"  phase.  Older 
network  segments  that  have  experienced  symptoms  of  BER,  unexplained  interruptions  and 
outages,  or  other  non-explained  problems  are  also  good  candidates  for  this  type  of  monitoring 
Once  the  performance  and  training  aspects  of  the  introduction  of  this  capability  are  determined 
the  capability  can  then  be  incrementally  spread  to  critical  nodes  and  left  in  place. 
E.         PROBLEM  4  AND  RECOMMENDATIONS 

1.  Problem:  Pro-active  vs.  Reactive  Mode  of  Operation 

A  NMS  that  is  only  utilized  in  the  role  of  troubleshooting  after  a  network  failure,  or 
monitoring  and  recording  past  events,  lacks  the  ability  to  pro-actively  analyze  and  react  to 
traffic  overflows,  system  malfunctions  or  even  low  level  system  attacks. 
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2.  Solution:  System  monitoring  that  detects,  analyzes  and  reacts  to  network 

malfunctions,  as  they  are  happening. 

Implement  a  proactive  NMS.  This  can  either  take  the  form  of  an  additional  software 

package  that  supplements  the  existing  system,  or  less  prudently  a  stand  alone  system. 

F.  PROBLEM  5  AND  RECOMMENDATIONS 

1.  Problem:  Interoperability  Of  NMS  And  NT  systems 

Within  the  last  few  years  most  industry  organizations  have  seen  changes  in  individual 
operating  systems  (OS)  and  platforms  with  a  pronounced  shift  to  include  more  and  more  of  the 
Microsoft  Windows  NT  OSs.  This  OS  shift  has  also  been  prevalent  in  the  military.  It  has  been 
stated  as  a  standard  under  some  CINC's  plans,  such  as  USP ACCOM's  Information  Technology 
for  the  21st  Century  (IT21).  In  addition  the  proliferation  of  NT  servers  at  all  levels  of  the 
organization  has  created  a  new  dependence  on  these  cheaper  C/S  systems.  The  migration  of 
such  systems  as  the  Joint  Defense  Intelligence  Support  System  (JDISS)  to  NT's  exemplifies 
the  trend  of  workstation  applications  being  ported  over  to  the  personal  computer  realm. 

The  ability  of  a  NMS  to  effectively  monitor  and  utilize  information  from  this  rapidly 
increasing  sector  of  the  network  needs  to  be  addressed.  The  inability  to  directly  access  and 
utilize  this  information  currently  exists  at  the  SRC.  The  amount  of  information  and  network 
management  capability  that  can  be  added  to  the  SRC's  capacity  will  increase  as  the 
proliferation  of  NT  machines  continues.  The  current  capability  that  exists  in  the  SRC  with 
respect  to  NT  machines  would  be  to  treat  them  as  network  objects,  assign  SNMP  functionality 
and  then  poll  them  with  respect  to  presence  and  rudimentary  operation. 

2.  Solution:  Windows  NT  and  Systems  Management  Server  integration 
Any  interaction  with  NT  systems,  particulary  with  the  NT  as  a  server  needs  to  follow 
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the  philosophy  of  intelligent  agents  and  ensure  that  the  server  (the  agent)  monitors  event 
thresholds  and  other  events  and  then  reports  SNMP  traps  to  the  cognizant  C/S  node. 

An  enhancement  to  the  NT  server,  the  Systems  Management  Server  (SMS)  provides 
automated  software  and  hardware  inventory,  software  distribution  and  remote  diagnosis 
capabilities.  Departing  from  LAN  functionality  it  also  allows  integration  with  leading 
enterprise  management  systems.  The  inter-connectivity  with  NMS  systems  such  as  the  HP 
Openview  found  at  USSOCOM  is  cited  as  a  common  industry  standard.  [Ref.  29] 

Advantages  that  can  be  achieved  by  this  solution  additionally  consider  the  LAN/WAN 
divisions  and  concerns  addressed  in  recommendation  one.    The  abilities  inherent  in  the  NT 
servers  to  measure  and  monitor  these  functions  as  well  as  providing  a  viable  platform  extension 
for  multi-vendor  network  components. 
G.         PROBLEM  6  AND  RECOMMENDATIONS 

1.  Problem:  Lack  of  Network  Simulation 

The  ability  to  model  existing  networks  or  sub-segments,  and  conduct  "what-if ' 
scenarios  is  a  basic  capability  that  most  modem  network  management  systems  consider 
essential  [Ref.  3,  21]  The  capability  to  automatically  integrate  auto-discovery  included 
topology  elements  into  the  database  and  modeling  algorithms  allows  new  network  additions 
to  be  timely  considered  in  subsequent  simulations. 

Table  5-1  illustrates  the  merits  and  problems  of  not  having  network  simulation 
available  in  network  management. 
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Network  Simulation  available 

Lack  of  network  simulation 

Training  on  network  behaviors 
Simulated  network  problem  solving 

Networks  are  learned  at  the  expense  of 
restoration  time 

Training  occurs  on  real  problems  or 
experienced  personnel  handle  problems  at 
the  expense  of  training 

Critical  node  analysis 

Designed  network  nodes  remain  static  with 
little  chance  of  improvement 

Traffic  rerouting  analysis 

Traffic  studies  over  long  periods  of  time 
may  be  necessary  to  detect  problem  areas 

Network  dynamics  fed  into  models 

Models  non-existent  or  based  on  perceived 
behaviors 

Analytic  tools  built  in 

Precludes  tedious  manual  manipulation  of 
compiled  traffic  studies 

Table  5-1  Network  Simulation  Aspects 
2.  Solution:  Integrated  Network  Simulation 

The  integration  of  a  Network  simulation  and  modeling  system  into  the  SCAMPI  SRC 
would  allow  the  benefits  detailed  in  Table  5-1.  An  additional  use  of  simulation  in  network 
management  has  been  the  development  of  SNMP  and  protocol  simulators.  These  devices, 
(hardware  required),  simulate  any  network  device  and  function  or  malfunction.  This  can  be 
very  useful  to  the  training  of  network  management  personnel  and  to  test  proactive  measures 
implemented  in  a  network.  A  predictable,  repeatable  network  fault  can  be  extremely  useful. 
H.         SUMMARY  OF  RECOMMENDATIONS 

Table  5-2  starts  the  summary  of  the  recommendations  for  the  USSOCOM  SCAMPI 
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USSOCOM  NMS 

Solution 

Hardware 
Factors 

Software 
Factors 

Personnel 
Factors 

Cost 
Factors 

Future 
Factors 

Distributed 

Management 

Presence 

Primarily 

existing 

hardware 

Required. 
Agents  run 
on 

designated 
servers 

Training  on 
distributed 
management 
functionality 

Per  unit 
cost  of 
agent  in 
each 
Server 
location 

Industry  trends 
favor  distributed 
management 

WAN  Level 

RMON  Probe 

Functionality 

(SNMP 

/RMON 

limitations) 

WAN 
Probes 

Required  for 
Interfacing 
to  existing 

NMS 

Training  on 
WAN  probe 
functionality 
and 
procedures 

Cost  per  unit 
can  be 
leveraged  as 
utilized 

RMON  probes 
increasingly 
utilized  on  DoD 
networks 

Application, 
and  Protocol, 
Traffic 
Analysis 
Capability 

LAN/ 
WAN 
Probes 

Required  for 

NMS- 

Application 

Protocol 

monitoring 

Adds 

requirements 
of  traffic 
analysis 

Can  be 
incrementally 
adopted  and 
proven. 

Highly  used  by 
industry 
DoD  is  starting 
to  use 
increasingly 

Pro-active 
Mode  of  NMS 

None 
envisioned 

Requires 
software  for 
function- 
ality 

Automated 

restoration 

and 

proactive 

modes  of 

operation 

Cost  of  failure 
is  high 

Pro-active 
ability  is 
required 

Windows  NT 
Server 
Monitoring 
Capacity 

No  new  user 
hardware. 
Possibly  NT 
server  in 
SRC 

Required 
for  NMS - 
NT 
monitoring 

Adds  NT 
SMS  and 
server 
functions  to 
SRC  tasking 

Most 

functionality  is 
resident  in  NT 
systems 

NT  OS  is 
increasingly  the 
DoD  Standard 

Network 

Simulation 

Ability 

Some 

systems, 

(SNMP) 

require 

hardware 

Required 

Adds 

requirement 

of 

simulation 

utilization 

Unknown 
factors 

discernible  by 
simulation  is 
desirable 

Industry  /  DoD 

trends 

favor  adoption 

Table  5-2  Recommendation  Summary  Table 
network.     Table  5-2  gives  a  cross  reference  of  each  recommendation  with  the  perceived 
hardware,  software,  personnel  training  and  adjustment,  cost  and  future  factors  for  each  area. 
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The  format  of  the  following  tables  is  modeled  after  the  industry  survey  tables  in  Chapter  HI  to 
allow  constant  form  and  to  enable  cross  comparison  when  considering  vendor  specific 
proposals. 

The  solutions  and  factors  are  non-vendor  specific  and  therefore  cost  factors  are 
particularly  generic.  Costs  of  probes  and  hardware  are  much  akin  to  transportation.  Basic 
transportation  is  one  cost,  high  speed  capability  is  usually  extra.  Unlike  cars,  network  products 
and  computers  continue  to  decrease  in  cost  per  given  capability.  The  Tl  lines  at  USSOCOM, 
which  used  to  represent  high  capacity  in  terms  of  network  connectivity  are  easier  to  measure 
in  terms  of  modem  probes  than  the  yet  higher  speed  ATM  capabilities  on  the  near  horizon. 

Table  5-3  provides  a  cross  reference  between  the  NMS  functional  areas  described  in 
Chapter  III  and  the  recommended  solutions.  Some  areas  are  blank.  Not  every  recommendation 
solves  a  need  in  every  functional  area. 
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Recommended 
Solution  vs  NMS 
Functional  Area 

Performance 
Mgt. 

Asset 
Cnnfig. 

Acct 
Mgt 

Fault 
Mgt 

Security 
Mgt 

Distributed 

Management 

Presence 

Higher  poll 
rates  of  NMS 
objects  with 
out  affecting 
network 
performance 

Multiple 
databases 
allows 
dual 
back  ups 

Auto- 
discovery  in 
distributed 
role  is  more 
efficient 

Better 

detection 

through 

enhanced 

presence 

enhanced 

access 

point 

monitor 

functions 

WAN  Level 

RMON 

Probe 

Functionality 

(SNMP/RMON 

limitations) 

Able  to 
measure 
WAN  metrics 
currently 
unavailable 

Enabled 

WAN  fault 

detection 

(Not 

currently 

available) 

Ability 

to  detect 

protocol, 

traffic 

related 

attacks 

Application,  and 
Protocol,  Traffic 
Analysis 
Capability 

Ability  to 
measure  critical 
parameters 
not  now 
available 

Ability  to 

tune 

network  to 

handle 

highBW 

loads 

Issue 
alarms 
based  on 
early 
detections 

Ability  to 

detect 

protocol, 

traffic 

attacks 

Pro-active 
Mode  of  NMS 

Faster  resolution 
of  performance 
bottlenecks 

— 

— 

Fault 
restoration 

— 

Windows  NT 
Server 
Monitoring 
Capacity 

Able  to  add 
the  NT  SMS 
and  server 
performance 
monitoring 

Able  to 
monitor 
NT  assets, 
software, 
& 

configur- 
ations 

Adds  NT 
abilities 
for  asset 
control  and 
manage- 
ment 

Increased 
area  of 
fault 
detection 

Enables  NT 

security 

functions 

Network 
Simulation 

Increases  ability 
to  tune 

performance  of 
network 

Allows 
network 
design  & 
planning 

Improves 
network 
design  and 
loadouts 

Table  5-3  Recommendation  vs  NMS  Functional  Area 
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VI.  NEAR  TERM  TECHNOLOGY  IMPLICATIONS  AND  FUTURE  RESEARCH 

This  chapter  will  address  a  selection  of  issues  that  can  complicate  the  NMS  decision 
maker's  choices  for  implementation  of  solutions.  It  will  also  address  technological  changes  and 
challenges.  The  indicators  for  industry  trends  in  several  key  areas  stand  to  radically  change  the 
way  that  networks  work,  and  thus  must  be  considered  and  managed.  The  chapter  will  also  point 
out  future  research  areas  that  could  be  carried  on  to  improve  the  DoD's  role  in  managing  it's 
networks. 
A.         BANDWIDTH  CRUNCH  AND  QOS  ISSUES 

Emerging  applications,  such  as  multimedia  and  full  motion  video  will  consume 
increasing  amounts  of  bandwidth  compared  to  text  and  still  graphics.  The  experience  of 
USSOCOM  in  implementing  VTC  on  the  SCAMPI  network  illustrates  the  potential  for  large 
bandwidth  requirements.  When  the  applications  found  at  each  individual  desktop  requires 
multimedia  for  training,  or  other  job  functions  the  network  will  face  increasing  demands  on  its 
resources. 

The  key  issue  that  future  technology  brings  is  not  just  bandwidth  but  predictability  of 
the  service  received.  As  an  example,  VTC  and  interactive  video  are  less  tolerant  than  older 
voice  channels  to  the  variances  and  latency  found  in  conventional  router  based  networks.  The 
guaranteed  QoS  necessary  to  implement  this  application  has  been  available  thus  far  due  to 
bandwidth  allocations  that  do  not  switch.  See  Appendix  A  page  85  for  an  example  of  a  circuit 
where  bandwidth  allocation  was  fixed  for  VTC  utilization  and  was  unable  to  be  easily 
preempted.  In  a  connection-oriented  environment  this  luxury  of  dedicated  circuits  free  from 
any  potential  collisions  and  competition  may  not  be  present.      The  next  section  on  ATM 
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addresses  such  an  environment. 

B.         ASYNCHRONOUS  TRANSFER  MODE  (ATM)  IMPLEMENTATION 

USSOCOM  as  well  as  many  other  DoD  users  have  plans  for  the  near  term  addition  of 
ATM  circuits  and  connection  to  external  ATM  networks  [Ref  6].  ATM's  connection-oriented 
nature  demands  a  different  type  of  network  management  and  metrics  determination.  The 
implementation  of  ATM  with  its  own  unique  metrics  requires  new  tools.  The  decision  will 
have  to  be  made  on  the  implementation  of  ATM  Network  management  systems  and  metric 
gathering  methodologies. 

ATM  is  the  cell-based  multiplexing  technology  specified  by  the  ITU-T  and  Committee 
Tl  for  use  in  integrating  data,  voice  and  video  communications  in  Broadband  Integrated 
Services  Digital  Networks  (B-ISDNs)  and  emerging  national  and  global  information 
infrastructures.  ATM  uses  cell-multiplexing  and  switching  technology  using  fixed  length 
packets.  This  network  access  protocol  can  operate  over  fiber-optic  circuits  with  data  rates  of 
1.5,  45,  100  and  1 50  Megabits  per  second  (Mbps).  [Ref.  29]  The  changes  in  NMS  for  ATM 
require  the  decision  maker  to  either  modify,  add  to,  or  replace  the  existing  NMS  to 
accommodate  ATM. 

Primary  differences  in  the  way  information  is  handled  in  ATM  illustrates  the 
requirement  that  the  SRC  have  a  NMS  that  is  powerful  enough  to  accomplish  the  task.  The 
information  in  ATM  that  requires  monitoring  includes:  cell  transfer  delay,  cell  delay  variation, 
errored  cells,  lost  cells  and  misinserted  cells.  Impairments  that  would  need  monitoring 
include:  individual  bit  errors,  error  bursts,  and  loss  of  frame  events.  Current  monitoring 
methodology  at  USSOCOM  and  most  DoD  networks  does  not  have  the  inherent  ability  to  detect 
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these  malfunctions.  In  addition  the  filter  and  capture  speeds  required  of  high  speed  ATM  traffic 
creates  the  necessity  to  have  dedicated  monitoring  devices  that  can  monitor  and  buffer  at  least 
a  million  cells.  The  changing  nature  of  the  standards  and  specifications  of  ATM  requires  a 
flexible  and  upgradable  analyzer  that  can  stay  current. 

While  being  different  in  the  transmission  methodology,  the  functions  that  NMS  has  to 
perform  on  the  circuits  will  remain  very  similar.  The  important  consideration  in  implementing 
a  NMS  solution  will  be  the  ability  to  preserve  training  and  fluency  in  the  SRC  with  the  new 
implementation.  Functionality  and  processes  that  could  share  the  existing  NMS  system  and 
screens  would  minimize  costs.  If  it  is  possible  to  implement  an  ATM  monitoring  and 
management  system  on  the  existing  hardware  without  significant  modification,  the  cost  and 
learning  curve  time  would  both  be  significantly  reduced. 
C.         SCALABILITY  ISSUES 

1.  IP  Next  Version/Version  6    (IPV6) 

The  equipments  used  in  most  modem  networks  are  based  on  the  IPV4  and  will  have  to 
consider  the  ramifications  of  the  new  IPV6  standard.  EPV6  will  provide  support  for  (1) 
expanded  addressing  and  routing  capabilities,  (2)  a  simplified  header  format,  (3)  extension 
headers  and  options,  (4)  authentication  and  privacy,  (5)  autoconfiguration,  (6)  simple  and 
flexible  transition  to  EPV6,  and  (7)  increased  quality  of  service  capabilities.  [Ref.  29] 

Most  of  the  new  systems  architectures  proposed  for  the  near  term  including,  Defense 
Message  System  (DMS)  and  the  Global  Broadcast  System  (GBS)  [or  Defense  Broadcast  System 
(DBS)]  ,  include  the  EPV6's  anycast  address  scheme  as  an  essential  part.  The  ability  to  have 
vastly  improved  routing  and  addressing  coupled  with  multicast  capabilities  will  soon  pressure 
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all  networks  to  upgrade  to  the  standard. 
2.  Year  2000  Compliance 

All  applications,  solutions  and  devices  that  might  be  added  need  to  be  Year  2000 
compliant  to  avoid  obsolescence  and  possible  network  related  failures.  This  will  apply  to  the 
existing  SCAMPI  network  NMS  as  well  as  any  improvements.  All  operating  systems,  databases 
and  even  the  Basic  Input  Output  System  (BIOS)  on  PC's  will  need  to  be  compliant.  Institutions 
have  conducted  testing  of  this  potentially  disabling  phenomena  by  testing  sections  of  their 
networks  with  an  artificial  setting  ahead  of  all  system  clocks  to  1/1/2000. 
D.         WEB  BROWSER  BASED  TECHNOLOGY  AND  MANAGEMENT 

1.  Web  Technology 

The  advent  of  the  World  Wide  Web  (WWW)  and  its  related  standards,  has  created  a 
client  server  information  system  on  the  Internet  (or  any  compliant  network)  that  uses  HyperText 
and  multimedia  techniques.  This  has  enabled  a  consistent  and  simple  means  of  accessing  a 
variety  of  media.  The  HyperText  Transfer  Protocol  (HTTP)  is  a  protocol  used  for  search  and 
retrieval. 

Most  of  the  functionality  of  network  based  communications  can  be  accomplished  via 
this  web  browser  technology.  The  management  of  network  obj  ects  is  possible  within  this  mode. 
An  early  user  of  Web  browsers  to  interface  and  demonstrate  network  management  was  the 
Stanford  Linear  Accelerator  Center  (SLAC).  This  concept  is  still  being  demonstrated  online. 
Appendix  D  provides  the  connection  information  under  the  University  section  of  http  addresses. 

2.  Web  Management  -  Industry  Consortiums 

Several  companies  have  announced  plans  to  pursue  this  mode  of  network  management 
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through  web  browser  technology . [Ref.  24]  One  such  effort  has  been  labeled  Web-Based 
Enterprise  Management  (WBEM).  WBEM  is  a  collection  of  technologies  that  is  designed  to 
facilitate  management  of  the  enterprise  network.  These  technologies  were  developed  by  a 
group  of  companies  and  are  intended  to  work  independent  of  vendor,  protocol,  or  management 
standard.  Typically,  enterprise  management  has  been  tied  to  different  protocols  for  different 
disciplines;  for  example,  SNMP  for  network  management.  [Ref.  28] 

Adopting  elements  of  Object  Oriented  design,  WBEM  assumes  that  management 
problems  are  task-oriented  and  require  tools  that  work  together  to  provide  a  single  management 
methodology.  These  standards  are  strongly  influenced  by  advances  in  Internet  technology, 
which  has  allowed  for  a  new  perspective  on  management. 

WBEM  does  not  attempt  to  replace  existing  management  standards  such  as  SNMP.  In 
fact  WBEM  complements  this  standard  by  providing  an  integration  point  through  which  data 
from  all  network  sources  can  be  accessed.  This  makes  any  management  applications 
independent  of  specific  Application  Program  Interface  (APIs)  or  standards  used  to  instrument 
each  managed  entity,  allowing  correlation  of  data  and  events  from  multiple  sources  on  a  local 
or  enterprise  basis.  A  web-based  demonstration  of  WBEM  is  available  in  either  Active-X  or 
JAVA  on  the  web  [Ref  28]. 

3.  Decentralized  NMS  Functionality 

The  ability  to  decentralize  NMS  functionality  will  allow  different  approaches  to 
network  management.  For  example,  a  forward  deployed  SCAMPI  node  could  conceptually  be 
able  to  use  browser  technology  to  do  equipment,  line  and  performance  checkouts.  The  future 
connectivity  requirements  of  deployed  troops  may  not  follow  classical  military  network  lines 
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but  may  instead  rely  on  more  commercial  connectivity  that  may  not  have  direct  dedicated 
oversight  by  a  NOC  such  as  the  SRC.    The  ability  to  analyze  performance  and  network 
operation  at  every  level  by  users  may  become  increasingly  necessary  as  topologies  mix  and 
switch  in  the  information  grid. 
E.         JAVA  DESIGN  CONSIDERATIONS 

Building  on  the  rise  of  web  browser  technologies,  the  JAVA  language,  and  its 
associated  Management  API  base  is  well  positioned  to  assume  a  dominant  role  in  the  future  of 
network  management  and  measurement.  The  ability  to  be  platform  independent  and  to  write 
applications  that  are  executable  at  all  levels  of  technological  ability  within  network  devices, 
gives  the  NMS  system  of  the  near  future  tools  and  access  that  were  heretofore  impossible  [Ref 
22]. 

The  creation  of  browser  based  interfaces  that  allow  the  user  to  view  and  manipulate  the 
attributes  of  his  network  have  existed  since  late  1995.  The  commercial  application  and 
development  of  JAVA  and  web  technology  is  continuing  at  a  rapid  pace.  As  most  of  the 
network  interface  is  "built  in"  to  the  JAVA  language  the  creation  of  network  applications  is 
now  much  easier  and  requires  exponentially  fewer  lines  of  code. 

The  ability  to  write  code  once  and  have  it  be  executable  on  any  platform,  UNIX 
workstation,  PC,  Macintosh,  or  any  network  device  regardless  of  vendor  will  allow  for 
simplification  of  network  management  and  metrics  collection.  The  requirements  to  have  "plug- 
ins"  to  handle  specific  vendors  product  configuration  and  management  functionality  will  no 
longer  exist.  What  may  result  from  this  generic  application  may  be  the  lack  of  human  interface 
to  the  physical  hardware.  Current  "plug-ins"  create  a  artist  rendition  of  the  network  hardware 
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that  closely  emulates  the  physical  characteristics  of  the  device. 

Table  6-1  illustrates  the  features  of  each  of  the  JAVA  Management  API  components. 
[Ref.  22].  The  features  listed  are  the  ones  most  relevant  to  the  problems  and  solutions 
proposed  in  the  thesis.  The  Management  API  set  allows  the  creation  of  viewer  interactive 
management  tools.  The  set  includes  the  ability  to  easily  create  user  interfaces,  gauges,  and 
other  human-computer  interfaces. 


JAVA  Management  API  Component 

Features,  details: 

Admin  View  Module  (AWM) 

An  extension  of  the  Abstract  Window  Toolkit 

(AWT). 

Used  to  build  graphical  tables,  charts,  and  meters 

for  visualization. 

Base  object  interfaces 

Defines  core  object  types  for  distributed  resources 
and  services  in  a  management  system. 

Managed  container  interfaces 

Allows  grouping  of  managed  objects  for  better 

organization. 

Allows  group-oriented  approaches  for  complex 

systems. 

Managed  notification  interfaces 

Core  foundation  of  managed  event  notification 

services. 

Can  be  expanded  by  developers  to  include  system 

specific  devices. 

Managed  data  interfaces 

Allows  linking  of  managed  object  attributes  to 
relational  databases. 

Allows  a  transparent  link  between  management 
resources  and  external  databases. 

Managed  protocol  interfaces 

Uses  the  JAVA  Security  APIs  and  JAVA  RMI  to 
add  distributed  object  support  to  the  core 
functionality. 

SNMP  interfaces 

Allows  support  for  legacy  SNMP  agents. 
Allows  interfacing  with  all  compliant  devices. 

Applet  integration  interfaces 

Allows  applet  integration  to  accomplish 
management  functionality 

Table  6-1  JAVA  Management  API  Functionality 
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F.  OBJECT  ORIENTED  MANAGEMENT  CONSIDERATIONS 

The  requirement  for  reuse  and  cost  savings  on  software  design  has  prompted  the  DoD 
to  examine  the  Object  Oriented  (00)  aspect  of  software,  as  in  Ada,  as  well  as  other  areas  such 
as  design  and  manufacturing  processes.  The  JAVA  language  was  built  from  its  inception  as  an 
object  oriented  language.  Using  JAVA  as  an  example  the  concepts  of  oriented  design  and 
network  management  will  be  discussed.  The  following  paragraph  is  a  representation  of  how 
network  objects  under  a  00  framework  are  classified,  ordered  and  stored. 

Each  component  in  the  management  environment  is  referred  to  as  a  managed  object, 
whose  properties,  attributes,  and  other  information  are  stored  in  classes.  These  classes  are 
organized  into  association  and  inheritance  hierarchies,  which  are  grouped  by  areas  of  interest, 
such  as  networking,  applications,  and  systems.  Each  area  of  interest  represents  a  schema,  which 
is  a  subset  of  the  information  available  about  the  management  environment. 

The  primary  goal  and  inherent  gain  in  00  design  and  languages  is  the  ability  to  handle 
similar  network  objects  with  a  single  software  mechanism,  regardless  of  the  actual  underlying 
hardware.  The  ability  to  create  definitions,  classes,  and  functions  that  are  truly  transparent  to 
the  network  obj  ects  that  are  being  managed  will  represent  a  true  advancement  of  the  art. 

G.  FUTURE  DATA  COLLECTION/ANALYSIS  ACTIVITIES 

Future  data  collection  and  analysis  activities  will  evolve  beyond  the  realms  of  packet 
switching  infrastructure,  towards  optimizing  service  quality  by  such  mechanisms  as  information 
caching  and  multicast.  These  activities  and  the  incumbent  management  and  analysis  activities 
will  increasingly  require  visualization  based  monitoring. 

Graphical  User  interfaces  (GUI's)  changed  the  look  and  utilization  of  most  computing 
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tasks.  Visualization  will  bring  conceptual  understanding  to  processes  that  cannot  be  viewed  or 
touched  physically  by  the  system  operator.  Visualization  is  important  in  making  sense  of 
complex  problems  and  is  especially  critical  for  developing  and  maintaining  the  efficiency  of 
logically  overlaying  architectures,  such  as  caching,  multicast,  and  EPV6  tunnel  infrastructures. 
It  will  be  increasingly  important  as  systems  change  into  dynamically  shared  and  allocated 
network  structures.  Systems  that  do  not  make  use  of,  or  are  not  capable  of,  visualization  will 
become  increasingly  labor  intensive  and  less  productive  and  proactive  with  time. 
H.         FUTURE  RESEARCH 

This  thesis  lays  the  ground  work  for  follow-on  activity  either  at  USSOCOM  or  any  other 
DoD  organization  needing  network  management/metrics  research.  It  is  hoped  this  initial  work 
will  be  followed  up  in  any  of  the  network  management/ metrics  issue  areas  or  future  network 
application  environments. 
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APPENDIX  A.  USSOCOM  TRAFFIC  STUDIES 


This  appendix  consists  of  traffic  studies  collected  from  USSOCOM. 


59 


* 

<tf 

OJ 

O 

T~ 

C 

T— 

o 

03 

TO 

sz 

c 

O 

o 

o 

a. 

C\J 

o 

O 

*- 

CO 

CD 

z 

IL 

< 

— 

Q 

o 

(0 

2 

MlPIMpueg  |bjoi 


60 


Bandwidth  Utilization  Report 
N6C20 


MacDill  AFB  to  Pentagon 

I 
JAverage 

Standard 

1024K 

I 
Total          JTotal 

Date 

Time 

Voice 

Data 

Percent 

Percent 

mm/dd/yy 

hh:mm:ss 

Bandwidth 

Bandwidth 

Bandwidth 

Calls 

19 
J9 

19 
19 

Bandwidth 

48~6% 

Bandwidth 

19.7% 

Deviation 

11/11/96 
11/11/96 

0:00:09 

0 
0 
0 

497943 

497943 

210280.2 

1:00:09 

497943 
497943 
4979431 

497943 
497943 
497943 

48.6%| 

11/11/96!       2:00:09 

48.6%j 

11/11/96 

3:00:09 

a 

48.6%  Average 

Median 

11/11/96 

4:00:09 

0 
0 

_..      -° 

...    ._.        _0j 

497943 

497943 

m 

_           _19 

19 

"  19 

48.6%  j         202005 1 

147200 

11/11/96 

5:00:09 

497943 

497943 

48.6%! 

.      .    i 

11/11/96 

6:00:09 

497943 

497943 

48.6%| 

11/11/96 

7:00:09 

497943 

497943 

48.6%  | 

11/11/96 

8:00:09 

0 

497943 

497943 

_.„.     19 

48.6%  | 

11/11/96 

9:00:08 

0 

497943 

497943 

19 

48.6%  j 

_.      .....            \ 

.  .     .1 

11/11/96 

10:00:09 

0 

497943 

497943 

19 

48.6%  | 

11/11/96 

11:00:10 

32000 

497943 

529943 

20 

51.8%! 

11/11/96 

12:00:09 

32000 

497943 

529943 

20 

51.8% 

11/11/96 

13:00:09 

0 

497943 

497943 

19 

48.6% 

11/11/96 

14:00:09 

32000 

497943 

529943 

20 

51 .8% 

11/11/96 

15:00:09 

_0J 

497943 

497943 

19 

48.6% 

11/11/96 

16:00:09 

0\ 

481943 

481943 

18 

47.1% 

11/11/96 

17:00:09 

0 

481943 

481943 

18 

47.1% 

11/11/96 

18:00:09 

0 

481943 

481943 

18 

47.1% 

11/11/96 

19:00:09 

0 

481943 

481943 

18 

47.1% 

11/11/96 

20:00:08 

0 

501143 

501143 

19 

48.9% 

11/11/96 

21:00:09 

0 

501143 

501143 

19 

48.9% 

11/11/96 

22:00:09 

0 

501143 

501143 

19 

48.9% 

11/11/96 

23:00:09 

0 

501143 

501143 

19 

48.9% 

11/12/96 

0:00:09 

0 

501143 

501143 

19 

48.9% 

11/12/96 

1:00:09 

0 

501143 

501143 

19 

48.9% 

11/12/96 

2:00:09 

0 

501143 

501143 

19 

48.9% 

11/12/96 

3:00:09 

0 

501143 

501143 

19 

48.9% 

11/12/96 

4:00:08 

0 

501143 

501143 

19 

48.9% 

11/12/96 

5:00:09 

0 

501143 

501143 

19 

48.9% 

11/12/96 

6:00:10 

0 

501143 

501143 

19 

48.9% 

11/12/96 

7:00:09 

0 

94400 

94400 

3 

9.2% 

11/12/96 

8:00:09 

0 

707543 

707543 

15 

69.1% 

11/12/96 

9:00:42 

0 

323543 

323543 

14 

31.6% 

11/12/96 

10:00:09 

32000 

323543 

355543 

15 

34.7% 

11/12/96 

11:00:09 

32000 

323543 

355543 

15 

34.7% 

11/12/96 

12:00:10 

0 

323543 

323543 

14 

31.6% 

11/12/96 

13:00:09 

64000 

387543 

451543 

17 

44.1% 

11/12/96 

14:00:12 

32000 

0 

32000 

1 

3.1% 

11/12/96 

15:00:09 

32000 

0 

32000 

1 

3.1% 

11/12/96 

16:00:09 

64000 

0 

64000 

2 

6.3% 

11/12/96 

17:00:09 

64000 

0 

64000 

2 

6.3% 

11/12/96 

18:00:09 

0 

0 

0 

0 

0.0% 

11/12/96 

19:00:09 

0 

0 

0 

0 

0.0% 

11/12/96 

20:00:10 

0 

0 

0 

0 

0.0%! 

11/12/96 

21 :00;08 

0 

0 

0 

0 

0.0%  j 

11/12/96 

22:00:09 

0 

0 

0 

0 

0.0% 

61 


Bandwidth  Utilization  Report 
N6C20 


MacDill  AFE 
1024K 

J  to  Pentagc 

Data 
Bandwidth 

0 
0 

0 

0 

0 

0 

501143 

501143" 

"501 143 

501143" 

Total 

total 

-  —       -    - 

1 

Average 

Date 

Time 

Voice 

Percent       Percent       I  Standard 

mm/dd/yy 

hh:mm:ss 

Bandwidth 

Bandwidth 

Calls 

Bandwidth  Bandwidth  [Deviation 

0.0% 
"  0.0%; 

11/12/96 

23:00:11 

o, 

0 

o" 

0 
0 

o 
o 

0 

.    o 

501143 
629143 

0 

0 
0 

o 

0 

11/13/96 

0:00:09 

0 
0 
0 

6 

0^ 

o" 

0 

0 

128000 

32000 

32000 

11/13/961       1:00:09 

0.0% 

11/13/96        2:00:09 

0.0% 

-  -  

11/13/96        3:00:09 

0.0% 

11/13/961       4:00:09 

0.0% 

1 1/1 3/96  j       5:00:10 

o 

0.0% 

11/13/96        6:00:09 

pi 

0.0% 

11/13/96        7:00:09 

19 

48.9%; 

11/13/96        8:00:10 

23 

61.4% 

11/13/96 

9:00:08 

533143 
533143 

20 
20 

52.1% 

11/13/96 

10:00:09 

52.1% 

11/13/96 

11:00:09 

64000 

501143 

565143 

21 

55.2% 

11/13/96 

12:00:09 

32000 

501143 

533143 

20 

52.1%: 

11/13/96 

13:00:10 

32000 

437143 

469143 

19 

45.8%! 

11/13/96 

14:00:09 

0 

501143 

501143 

19 

48.9%; 

11/13/96 

15:00:09 

32000 

0 

32000 

1 

3.1%i 

11/13/96 

16:00:09 

64000 

0 

64000 

2 

6.3% 

11/13/96 

17:00:09 

0 

0 

0 

0 

0.0% 

11/13/96 

18:00:09 

0 

0 

0 

0 

0.0% 

11/13/96 

19:00:09 

0 

0 

0 

0 

0.0% 

11/13/96 

20:00:09 

0 

0 

0 

0 

0.0% 

11/13/96 

21:00:09 

0 

0 

0 

0 

0.0% 

11/13/96 

22:00:09 

0 

0 

0 

0 

0.0% 

11/13/96 

23:00:09 

0 

0 

0 

0 

0.0% 

11/14/96 

0:00:09 

0 

0 

0 

0 

0.0% 

11/14/96 

1:00:09 

0 

0 

0 

0 

0.0% 

11/14/96 

2:00:09 

0 

0 

0 

0 

0.0% 

11/14/96 

3:00:09 

0 

0 

0 

0 

0.0% 

11/14/96 

4:00:10 

0 

0 

0 

0 

0.0% 

11/14/96 

5:00:12 

0 

481943 

481943 

18 

47.1% 

11/14/96 

6:00:09 

0 

481943 

481943 

18 

47.1% 

11/14/96 

7:00:08 

32000 

481943 

513943 

19 

50.2% 

11/14/96 

8:00:09 

0 

481943 

481943 

18 

47.1% 

11/14/96 

9:09:30 

32000 

481943 

513943 

19 

50.2% 

11/14/96 

10:00:09 

64000 

481943 

545943 

20 

53.3% 

11/14/96 

11:00:09 

96000 

481943 

577943 

21 

56.4% 

11/14/96 

12:00:09 

0 

481943 

481943 

18 

47.1%1 

11/14/96 

13:00:09 

32000 

19200 

51200 

2 

5.0% 

11/14/96 

14:00:09 

0 

19200 

19200 

1 

1 .9% 

11/14/96 

15:00:09 

0 

19200 

19200 

1 

1 .9% 

11/14/96 

16:00:10 

32000 

19200 

51200 

2 

5.0% 

11/14/96 

17:00:10 

32000 

19200 

51200 

2 

5.0% 

11/14/96 

18:00:09 

0 

19200 

19200 

1 

1 .9% 

11/14/96 

19:00:08 

0 

19200 

19200 

1 

1.9% 

11/14/96 

20:00:08 

0 

19200 

19200 

1 

1.9% 

11/14/96 

21:00:10 

0 

19200 

19200 

1 

1.9% 

62 


Bandwidth  Utilization  Report 
N6C20 


Date 

MacDili  AFB  to  Pentagon 

l 

-  -4 

I 

Total 

1024K 

Data 

Percent 

Average 

Percent        Standard 

Time 

Voice 

Total 

mm/dd/yy 

hh:mm:ss 

Bandwidth 

Bandwidth 

19200 

Bandwidth 

19200 
19200 
19200; 
19200 
19200| 

Calls 

1 

1 

...  — i 

:     J 

1 

....  .4 
II 

Bandwidth 

1.9% 

1.9% 

1.9% 

"7.9%" 

Bandwidth  |  Deviation 

"" "J 

i" " 

i 

11/14/96 
~  i  1/14/96 

22:00:09 
23:00:10 

0 

o 

19200 

11/15/96 
11/15/96 
11/15/96 

0:00:09 
1:00:09" 

P] 
.0 

19200 
19200 
19200 

2:00:09 

o 

1.9%  I 

11/15/96 
11/15/96 
11/15/96 

3:00:10 

-  -     -° 

19200 

19200! 

1.9%  | 

4:00:11 

0 

19200 
19200 

19200 
19200 

1.9%] 

5:00:09 

0J 

1.9% 

11/15/96 

6:00:41 

32000 

19200 

51200 

2|             5.0% 

11/15/96 

7:00:10 

32000 

19200 

51200 

2 

5.0% 

11/15/96 

8:00:10 

0 

19200 

19200 

1 

1.9% 

11/15/96 

9:00:09 

32000 

19200 

51200 

2 

5.0%j 

11/15/96 

10:00:09 

0 

19200 

19200 

1 

1.9% 

11/15/96 

1 1 :00:09 

160000 

19200 

179200 

6 

17.5% 

11/15/96 

12:00:10 

32000 

19200 

51200 

2 

5.0% 

11/15/96 

13:00:09 

32000 

19200 

51200 

2 

5.0% 

11/15/96 

14:00:08 

64000 

19200 

83200 

3 

8.1% 

11/15/96 

15:00:09 

160000 

19200 

179200 

6 

17.5% 

11/15/96 

16:00:09 

128000 

19200 

147200 

5 

14.4% 

11/15/96 

17:00:10 

128000 

19200 

147200 

5 

14.4% 

11/15/96 

18:00:09 

128000 

19200 

147200 

5 

14.4% 

11/15/96 

19:00:09 

128000 

19200 

147200 

5 

14.4% 

11/15/96 

20:00:09 

128000 

19200 

147200 

5 

14.4% 

11/15/96 

21 :00:09 

128000 

19200 

147200 

5 

14.4% 

11/15/96 

22:00:09 

128000 

19200 

147200 

5 

14.4% 

11/15/96 

23:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

0:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

1:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

2:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

3:00:10 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

4:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

5:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

6:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

7:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

8:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

9:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

10:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

1 1 :00:08 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

12:00:10 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

13:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

14:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

15:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

16:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

17:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

18:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

19:00:09 

128000 

19200 

147200 

5 

14.4% 

11/16/96 

20:00:09 

0 

19200 

__ 

19200 

1 

1 .9% 

63 


Bandwidth  Utilization  Report 
N6C20 


MacDill  AFB  to  Pentagon 

1024K 

I  Average 

Date 

Time 

Voice 

Data 

Total            Total         (Percent      (Percent       !  Standard 

mm/dd/yy 

hh:mm:ss 

Bandwidth 

Bandwidth  Bandwidth 

Calls         I  Bandwidth  {Bandwidth  Deviation 

11/16/96 

21:00:09 

0 

19200]           19200 

1              1.9% 

11/16/96 

22:00:26 

0 

19200            19200 

1  i            1 .9% 

11/16/96 

23:00:09 

0 

19200 

19200 

1              1 .9% 

11/17/96 

0:00:09 

0 

19200 

19200 

1|            1.9%j 

11/17/96 

1 :00:09 

0 

19200 

19200 

11            1.9% 

11/17/96 

2:00:09 

0 

19200 

19200 

11            1.9%| 

11/17/96 

3:00:09 

0 

19200 

19200 

1|            1.9%i 

11/17/96 

4:00:10 

0 

19200 

19200 

1 1            1 .9% 

11/17/96;       5:00:09 

0 

19200 

19200 

1              1 .9% 

11/17/96 

6:00:09 

0 

19200 

19200 

1  j            1 .9% 

11/17/96 

7:00:09 

0 

19200 

19200 

1              1.9% 

11/17/96 

8:00:09 

0 

19200 

19200 

■\ 

1 .9% 

11/17/96 

9:00:09 

0 

19200 

19200 

1 .9% 

11/17/96 

10:00:09 

0 

19200 

19200 

1.9% 

11/17/96 

11:00:08 

0 

19200 

19200 

1 .9% 

11/17/96 

12:00:09 

0 

19200 

19200 

1.9% 

11/17/96 

13:00:11 

0 

19200 

19200 

1.9% 

11/17/96 

14:00:09 

0 

156343 

156343 

7 

15.3% 

11/17/96 

15:00:09 

0 

156343 

156343 

7 

15.3% 

11/17/96 

16:00:17 

0 

156343 

156343 

7 

15.3% 

11/17/96 

17:00:09 

0 

156343 

156343 

7 

15.3% 

11/17/96 

18:00:09 

0 

156343 

156343 

7 

15.3% 

11/17/96 

19:00:08 

0 

156343 

156343 

7 

15.3% 

11/17/96 

20:00:09 

0 

156343 

156343 

7 

15.3%i 

11/17/96 

21:00:09 

0 

156343 

156343 

7 

15.3%! 

11/17/96 

22:00:09 

0 

156343 

156343 

7 

15.3% 

11/17/96 

23:00:09 

0 

156343 

156343 

7 

15.3%! 

64 


00 

(£> 

1 

C 

o 

C 

0) 

o. 


en 

U) 
(0 

l_ 

CD 

#■* 
LL 


MlPIMpueg  lejoi 


65 


Bandwidth  Utilization  Report 
N1N6 


i 

Ft  Bragg  to  Pentagon   J 

! 

768K 

I           I 

Average 

Date 

Time 

Voice            Data 

Total 

Total         |  Percent 

Percent      I  Standard 

mm/dd/yy 

hh:mm:ss 

Bandwidth  Bandwidth 

Bandwidth 

Calls         I  Bandwidth  Bandwidth  |  Deviation 

11/11/96 

0:00:06 

0         497943 

497943 

19 
19 
19 

~  19 

64.8%! 

65.0%  |    103831.8 

11/11/96 

1:00:06 

0         497943 

497943 

64.8% 

11/11/96 

2:00:06 

0!        497943 
~0|        497943 

497943 
497943 

64.8% 

Median 

497943 

11/11/96 

3:00:06 

64.8%!  Average 

11/11/96 

4:00:06 

0         497943 

497943 

19 

64.8%:         499348! 

11/11/96 

5:00:06 

0|         497943 

497943 

19 

64.8% 

11/11/96 

6:00:06 

OjO 

497943 

497943 

._  _     _  19 

64.8% 

T 

11/11/96 

7:00:06 

497943 

497943 

19 

64.8% 

11/11/96 

8:00:07 

Oi 

497943 

497943 

19 

64.8% 

11/11/96 

9:00:05 

0 

497943 

497943 

19 

64.8% 

11/11/96 

10:00:06 

oi 

497943 

497943 

19 

64.8%: 

11/11/96 

11:00:06 

32000 1         497943 

529943 

20 

69.0%; 

11/11/96 

12:00:06 

32000         497943 

529943 

20 

69.0% 

11/11/96 

13:00:06 

0 

497943 

497943 

19 

64.8%  | 

11/11/96 

14:00:06 

32000 

497943 

529943 

20 

69.0%; 

11/11/96 

15:00:06 

0 

497943 

497943 

19 

64.8% 

11/11/96 

16:00:06 

0 

481943 

481943 

18 

62.8% 

11/11/96 

17:00:06 

0 

481 943 

481943 

18 

62.8% 

11/11/96 

18:00:06 

0 

481943 

481943 

18 

62.8% 

11/11/96 

19:00:06 

0 

481943 

481943 

18 

62.8% 

11/11/96 

20:00:06 

0 

501143 

501143 

19 

65.3% 

11/11/96 

21:00:06 

0 

501143 

501143 

19 

65.3% 

11/11/96 

22:00:07 

0 

501143 

501143 

19 

65.3% 

11/11/96 

23:00:07 

0 

501143 

501143 

19 

65.3% 

11/12/96 

0:00:06 

0 

501143 

501143 

19 

65.3% 

11/12/96 

1:00:06 

0 

501143 

501143 

19 

65.3% 

11/12/96 

2:00:06 

0 

501143 

501143 

19 

65.3% 

11/12/96 

3:00:06 

0 

501143 

501143 

19 

65.3% 

11/12/96 

4:00:06 

0 

501143 

501143 

19 

65.3% 

11/12/96 

5:00:06 

0 

501143 

501143 

19 

65.3% 

11/12/96 

6:00:07 

0 

501143 

501143 

19 

65.3% 

11/12/96 

7:00:07 

0 

396343 

396343 

15 

51.6% 

11/12/96 

8:00:06 

64000 

846743 

910743 

20 

118.6% 

11/12/96 

9:00:08 

0 

481943 

481943 

18 

62.8% 

11/12/96 

10:00:06 

32000 

481943 

513943 

19 

66.9% 

11/12/96 

11:00:06 

32000 

481943 

513943 

19 

66.9% 

11/12/96 

12:00:06 

0 

481943 

481943 

18 

62.8% 

11/12/96 

13:00:07 

64000 

481943 

545943 

20 

71.1% 

11/12/96 

14:00:09 

32000 

481943 

513943 

19 

66.9% 

11/12/96 

15:00:06 

32000 

481943 

513943 

19 

66.9% 

11/12/96 

16:00:06 

64000 

481943 

545943 

20 

71.1% 

11/12/96 

17:00:06 

64000 

481943 

545943 

20 

71.1% 

11/12/96 

18:00:06 

0 

481943 

481943 

18 

62.8% 

11/12/96 

19:00:06 

0 

481943 

481943 

18 

62.8% 

11/12/96 

20:00:06 

0 

481943 

481943 

18 

62.8% 

11/12/96 

21 :00:06 

0 

481943 

481943 

18 

62.8% 

11/12/96 

22:00:06 

0 

481943 

481943 

18 

62.8% 
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Bandwidth  Utilization  Report 
N1N6 


Ft  Bragg  to 

Pentagon 



Total 

-■   ■■    — 

Average 



768K 

Date 

Time 

Voice 

Data 

Total 

Percent 

Percent 

Standard 

mm/dd/yy 

hh:mm:ss 

Bandwidth 

Bandwidth 

Bandwidth 

Calls 

Bandwidth 

Bandwidth 

Deviation 

11/12/96 

23:00:07 

0 

481943 

481943 

18 
18 
18 
18 
18 
18 
18 
18 

62.8% 

.  _._!__  .     ____ 

11/13/96 

0:00:07 

0 

481943 

481943 

62.8% 

11/13/96 

1:00:06 

0 

481943 

481943 
481943 

62.8% 
62.8% 

11/13/96 

2:00:06 

0 

481943 

11/13/96 

3:00:06 

Oj 

481943 

481943 

62.8% 

...  _  

11/13/96 

4:00:06 

0 

481943 

481943 

62.8% 

11/13/96 

5:00:07 

0 
0 

481943 
481943 

481943 
481943 

62.8% 
62.8% 

—I 

11/13/96 

6:00:06 

.   _____  1 

11/13/96 

7:00:06 

0 

501143 

501143 

19 

65.3% 

i 

11/13/96 

8:00:07 

128000 

501143 

629143 

23 
20~ 

81.9% 

11/13/96 

9:00:06 

32000 

501143 

533143 

69.4% 

I 

11/13/96 

10:00:06 

32000 

501143 

533143 

20 

69.4% 

11/13/96 

1 1 :00:06 

64000 

501143 

565143 

21 

73.6% 

11/13/96 

12:00:06 

32000 

501143 

533143 

20 

69.4% 

11/13/96 

13:00:07 

32000 

437143 

469143 

19 

61.1% 

11/13/96 

14:00:06 

0 

501143 

501143 

19 

65.3% 

11/13/96 

15:00:07 

32000 

481943 

513943 

19 

66.9% 

11/13/96 

16:00:06 

64000 

481943 

545943 

20 

71.1% 

11/13/96 

17:00:07 

0 

481943 

481943 

18 

62.8% 

11/13/96 

18:00:07 

0 

481943 

481943 

18 

62.8% 

11/13/96 

19:00:06 

0 

481943 

481943 

18 

62.8% 

11/13/96 

20:00:06 

0 

481943 

481943 

18 

62.8% 

11/13/96 

21:00:06 

0 

481943 

481943 

18 

62.8% 

11/13/96 

22:00:06 

0 

481943 

481943 

18 

62.8% 

11/13/96 

23:00:06 

0 

481943 

481943 

18 

62.8% 

11/14/96 

0:00:06 

0 

481943 

481943 

18 

62.8% 

11/14/96 

1:00:06 

0 

481943 

481943 

18 

62.8% 

11/14/96 

2:00:07 

0 

481943 

481943 

18 

62.8% 

11/14/96 

3:00:06 

0 

481943 

481943 

18 

62.8% 

11/14/96 

4:00:07 

0 

481943 

481943 

18 

62.8% 

11/14/96 

5:00:09 

0 

481943 

481943 

18 

62.8% 

11/14/96 

6:00:06 

0 

481943 

481943 

18 

62.8% 

11/14/96 

7:00:06 

32000 

481943 

513943 

19 

66.9% 

11/14/96 

8:00:06 

0 

481943 

481943 

18 

62.8% 

11/14/96 

9:09:28 

32000 

481943 

513943 

19 

66.9% 

11/14/96 

10:00:06 

64000 

481943 

545943 

20 

71.1% 

11/14/96 

11:00:06 

96000 

481943 

577943 

21 

75.3% 

11/14/96 

12:00:06 

0 

481943 

481943 

18 

62.8% 

11/14/96 

13:00:06 

32000 

481943 

513943 

19 

66.9% 

11/14/96 

14:00:06 

0 

481943 

481943 

18 

62.8% 

11/14/96 

15:00:06 

0 

481943 

481943 

18 

62.8% 

11/14/96 

16:00:07 

32000 

481943 

513943 

19 

66.9% 

11/14/96 

17:00:07 

32000 

481943 

513943 

19 

66.9% 

11/14/96 

18:00:06 

0 

481943 

481943 

18 

62.8% 

11/14/96 

19:00:06 

0 

481943 

481943 

18 

62.8% 

11/14/96 

20:00:06 

0 

481943 

481943 

18 

62.8% 

11/14/96 

21:01:15 

0 

481943 

481943 

18 

62.8% 

j 
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N1N6 


Ft  Bragg  to 

Pentagon 

-    -  — 

Average 

768K 

Total 

Date 

Time 

Voice 

Data 

Total 

Percent       Percent       I  Standard 

mm/dd/yy 

hh:mm:ss 

Bandwidth 

Bandwidth 

Bandwidth 

481943 

Calls 

18 
18 

Bandwidth  |  Bandwidth  |  Deviation 

11/14/96 

22:00:06 

0 

481943 

62.8% 

11/14/96 

23:00:07 

0 

"  0 

481943 
481943 
481943 

481943 
481943 
481943 

62.8% 

11/15/96 

0:00:06 

18;           62.8% 

11/15/96 

1:00:06 

0 

18           62.8%  i 
18!           62.8%; 

11/15/96 

2:00:06 

.    o 

481943 

481943 

11/15/96 

3:00:06 

o 

481943 

481943 

18            62.8% 
18            62.8% 

11/15/96 

4:00:08 

0 

481943 

481943 

11/15/96 

5:00:06 

0 

481943 

481943 

18i           62.8% 

11/15/96 

6:00:39 

32000 

481943 

513943 

19 

66.9% 
66.9% 

11/15/96 

7:00:08 

32000 

481943 

513943 

19 

11/15/96 

8:00:07 

0 

481943 

481943 

18 

62.8% 

11/15/96 

9:00:06 

32000 

481943 

513943 

19] 

66.9% 

| 

11/15/96 

10:00:06 

0 

481943 

481943 

18 

62.8% 

11/15/96 

11:00:06 

160000 

481943 

641943 

231 

83.6% 

11/15/96 

12:00:07 

32000 

481943 

513943 

19 

66.9% 

11/15/96 

13:00:07 

32000 

481943 

513943 

19 

66.9% 

11/15/96 

14:00:06 

64000 

481943 

545943 

20 

71.1% 

11/15/96 

15:00:06 

160000 

481943 

641943 

23           83.6% 

11/15/96 

16:00:06 

128000 

481943 

609943 

22            79.4% 

11/15/96 

17:00:07 

128000 

481943 

609943 

22 

79.4% 

11/15/96 

18:00:06 

128000 

481943 

609943 

22 

79.4% 

11/15/96 

19:00:06 

128000 

481943 

609943 

22 

79.4% 

11/15/96 

20:00:07 

128000 

481943 

609943 

22 

79.4% 

11/15/96 

21:00:07 

128000 

481943 

609943 

22 

79.4% 

11/15/96 

22:00:06 

128000 

481943 

609943 

22 

79.4% 

11/15/96 

23:00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

0:00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

1:00:07 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

2:00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

3:00:07 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

4:00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

5:00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

6:00:07 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

7:00:07 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

8:00:07 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

9:00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

10:00:06 

128000 

481943 

609943 

22 

79.4%! 

11/16/96 

1 1 :00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

12:00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

13:00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

14:00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

15:00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

16:00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

17:00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

18:00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

19:00:06 

128000 

481943 

609943 

22 

79.4% 

11/16/96 

20:00:06 

0 

481943 

481943 

181           62.8% 

68 
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N1N6 


Ft  Bragg  to  Pentagon 

768K 

Average 

Date 

Time 

Voice 

Data 

Total 

Total 

Percent 

Percent 

Standard 

mm/dd/yy 

hh:mm:ss 

Bandwidth 

Bandwidth 

Bandwidth 

Calls 

Bandwidth 

Bandwidth 

Deviation 

11/16/96 

21 :00:06 

0 

481943 

481943 

18 

62.8% 

11/16/96 

22:00:06 

0 

481943 

481943 

18 

62.8% 

11/16/96 

23:00:06 

0 

481943 

481943 

18 

62.8% 

11/17/96 

0:00:06 

0 

481943 

481943 

18 

62.8% 

11/17/96 

1:00:06 

0 

481943 

481943 

18 

62.8% 

11/17/96 

2:00:06 

0 

481 943 

481943 

18 

62.8% 

11/17/96 

3:00:06 

0 

481943!        481943 

18 

62.8% 

11/17/96 

4:00:07 

0 

481943 

481943 

18 

62.8% 

11/17/96 

5:00:06 

0 

481943 

481943 

18 

62.8% 

11/17/96 

6:00:06 

0 

481943 

481943 

18 

62.8% 

11/17/96 

7:00:06 

0 

481943 

481943 

18 

62.8% 

11/17/96 

8:00:06 

0 

481943 

481943 

18 

62.8% 

11/17/96 

9:00:06 

0 

481943 

481943 

18 

62.8% 

11/17/96 

10:00:06 

0 

481943 

481943 

18 

62.8% 

11/17/96 

11:00:06 

0 

481943 

481943 

18 

62.8% 

11/17/96 

12:00:06 

0 

481943 

481943 

18 

62.8% 

11/17/96 

13:00:07 

0 

481943 

481943 

18 

62.8% 

11/17/96 

14:00:06 

0 

156343 

156343 

7 

20.4% 

11/17/96 

15:00:06 

0 

156343 

156343 

7 

20.4% 

11/17/96 

16:00:15 

0 

156343 

156343 

7 

20.4% 

11/17/96 

17:00:06 

0 

156343 

156343 

7 

20.4% 

11/17/96 

18:00:06 

0 

156343 

156343 

7 

20.4% 

11/17/96 

19:00:06 

0 

156343 

156343 

7 

20.4% 

11/17/96 

20:00:06 

0 

156343 

156343 

7 

20.4% 

11/17/96 

21:00:06 

0 

156343 

156343 

7 

20.4% 

11/17/96 

22:00:06 

0 

156343 

156343 

7 

20.4% 

11/17/96 

23:00:06 

0 

156343 

156343 

7 

20.4% 

69 
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Bandwidth  Utilization  Report 
N1N4 


Ft  Bragg  to  MacDill  AFB 

Total 

Percent 

I 

Average 
Percent 

3@768K 

Date 

Time 

Voice 

._ , 

Data 

Total 

Standard 

mm/dd/yy 

hh:mm:ss 

Bandwidth 

Bandwidth 

Bandwidth 

Calls 

10 
10 
10 
10 
10 

::    jo 

10] 

10j 

Bandwidth 

Bandwidth 

Deviation 

11/11/96 

0:00:05 

0, 

856800 

856800 
856800 
856800 
856800 

37.2% 
37~2% 
37.2% 

38,9% 

102877.5 

11/11/96 

1:00:05 

0 

856800 

11/11/96 

2:00:06 

0 

856800I 
856800 

11/11/96 

3:00:06 

0 

37.2% 

Average 

Median 

11/11/96 

4:00:06 

0 

856800 

856800 

37.2% 

895324 

856800 

11/11/96 

5:00:06 

0 
0 

856800         856800 

37.2% 

i 

11/11/96 

6:00:06 

856800 

856800 
856800 

37.2% 



11/11/96 

7:00:06 

0 

856800 

37.2% 

11/11/96 

8:00:06 

0 

856800         856800 

- J°l 

11 

10 

37.2% 

11/11/96 

9:00:05 

32000 

856800 

888800 

38.6% 

-  - 

11/11/96 

10:00:06 

0 

856800 

856800 

37.2% 

11/11/96 

11:00:06 

32000 

856800 

888800 

11 

38.6% 

11/11/96 

12:00:06 

32000 

856800 

888800 

11 

38.6% 

11/11/96 

13:00:06 

0 

856800 

856800 

10 

37.2% 

11/11/96 

14:00:05 

0 

856800 

856800 

10 

37.2% 

11/11/96 

15:00:06 

0 

856800 

856800 

10 

37.2% 

11/11/96 

16:00:05 

0 

840800 

840800 

9 

36.5% 

11/11/96 

17:00:05 

0 

892000 

892000 

12 

38.7% 

11/11/96 

18:00:06 

0 

892000 

892000 

12 

38.7% 

11/11/96 

19:00:05 

0 

892000 

892000 

12 

38.7% 

11/11/96 

20:00:05 

0 

741600 

741600 

6 

32.2% 

11/11/96 

21:00:06 

0 

741600 

741600 

6 

32.2% 

11/11/96 

22:00:06 

0 

741600 

741600 

6 

32.2% 

11/11/96 

23:00:06 

0 

741600 

741600 

6 

32.2% 

11/12/96 

0:00:05 

0 

741600 

741600 

6 

32.2% 

11/12/96 

1:00:06 

0 

741600 

741600 

6 

32.2% 

11/12/96 

2:00:05 

0 

741600 

741600 

6 

32.2% 

11/12/96 

3:00:05 

0 

741600 

741600 

6 

32.2% 

11/12/96 

4:00:05 

0 

741600 

741600 

6 

32.2% 

11/12/96 

5:00:06 

0 

741600 

741600 

6 

32.2% 

11/12/96 

6:00:06 

0 

741600 

741 600 

6 

32.2% 

11/12/96 

7:00:06 

0 

760800 

760800 

7 

33.0% 

11/12/96 

8:00:06 

0 

1164000 

1164000 

9 

50.5% 

11/12/96 

9:00:07 

0 

760800 

760800 

7 

33.0% 

11/12/96 

10:00:06 

32000 

816800 

848800 

9 

36.8% 

11/12/96 

11:00:06 

64000 

816800 

880800 

10 

38.2% 

11/12/96 

12:00:06 

0 

816800 

816800 

8 

35.5% 

11/12/96 

13:00:06 

0 

870400 

870400 

12 

37.8% 

11/12/96 

14:00:08 

64000 

886400 

950400 

15 

41 .3% 

11/12/96 

15:00:05 

64000 

910400 

974400 

16 

42.3% 

11/12/96 

16:00:06 

0 

910400 

910400 

14 

39.5% 

11/12/96 

17:00:05 

64000 

910400 

974400 

16 

42.3% 

11/12/96 

18:00:05 

0 

908000 

908000 

13 

39.4% 

11/12/96 

19:00:05 

0 

908000 

908000 

13 

39.4% 

11/12/96 

20:00:06 

0 

908000 

908000 

13 

39.4% 

11/12/96 

21:00:05 

0 

908000 

908000 

13 

39.4% 

11/12/96 

22:00:06 

0 

908000 

908000 

13 

39.4% 
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Ft  Bragg  to  MacDill  AFI 

L     .    ._[_._..    ..I 
! 

total"          total 

3@768K 

Average 

Date 

Time 

Voice 

Data 

Percent 

Percent 

Standard 

mm/dd/yy 

hh:mm:ss 

Bandwidth 

Bandwidth 

Bandwidth  Calls 

Bandwidth 

Bandwidth 

Deviation 

11/12/96 

23:00:06 

0 

908000 

908000 
908000 
908000' 
908000 
908000 
908000 
908000 
908000 

13 

13 : 

13' 

13' 

13~ 

13| 

13: 

13 

39.4% 

11/13/96 

0:00:06 

?: 

0 
0 

908000 
908000 
908000 
908000 
908000 
908000^ 
908000 

39.4% 

11/13/96 

1:00:05 

39.4% 

11/13/96 

2:00:06 

39.4%  | 

11/13/96 

3:00:06 

0 

39.4%  i 

11/13/96 

4:00:05 

...     ::o 

0 
0 

39.4% 

.     f 

11/13/96 

5:00:06 

39.4%! 

L 

11/13/96 

6:00:06 

39.4%  j 

11/13/96 

7:00:05 

o 

837600 

837600 

9] 

36.4% 

] 

11/13/96 

8:00:06 

64000 

840000 

904000 

12 

39.2% 

11/13/96 

9:00:05 

0 

840000 

840000 

10 

36.5% 

11/13/96 

10:00:06 

96000 

840000 

936000 

13| 

40.6% 



11/13/96 

1 1 :00:05 

32000 

840000 

872000 

11 

37.8% 

11/13/96 

12:00:05 

32000 

840000 

872000 

11 

37.8% 

11/13/96 

13:00:06 

0 

840000 

840000 

10 

36.5% 

11/13/96 

14:00:05 

0 

840000 

840000 

10 

36.5% 

11/13/96 

15:00:06 

416000 

859200 

1275200 

18 

55.3% 

11/13/96 

16:00:05 

32000 

856800 

888800 

11 

38.6% 

11/13/96 

17:00:06 

0 

1240800 

1240800 

16 

53.9% 

11/13/96 

18:00:06 

0 

856800 

856800 

10 

37.2% 

11/13/96 

19:00:05 

0 

856800 

856800 

10 

37.2% 

11/13/96 

20:00:06 

0 

856800 

856800 

10 

37.2% 

11/13/96 

21:00:05 

0 

856800 

856800 

10 

37.2% 

11/13/96 

22:00:05 

0 

856800 

856800 

10 

37.2% 

11/13/96 

23:00:06 

0 

856800 

856800 

10 

37.2% 

11/14/96 

0:00:06 

0 

856800 

856800 

10 

37.2% 

11/14/96 

1 :00:05 

0 

856800 

856800 

10 

37.2% 

11/14/96 

2:00:06 

0 

856800 

856800 

10 

37.2% 

11/14/96 

3:00:06 

0 

856800 

856800 

10 

37.2% 

11/14/96 

4:00:06 

32000 

856800 

888800 

11 

38.6% 

11/14/96 

5:00:07 

0 

856800 

856800 

10 

37.2% 

i 

11/14/96 

6:00:05 

0 

856800 

856800 

10 

37.2% 

11/14/96 

7:00:05 

32000 

856800 

888800 

11 

38.6% 

11/14/96 

8:00:05 

0 

856800 

856800 

10 

37.2% 

11/14/96 

9:09:27 

0 

856800 

856800 

10 

37.2% 

11/14/96 

10:00:05 

32000 

856800 

888800 

11 

38.6% 

11/14/96 

1 1 :00:06 

160000 

988000 

1148000 

22 

49.8% 

11/14/96 

12:00:05 

64000 

988000 

1052000 

19 

45.7% 

11/14/96 

13:00:05 

64000 

972000 

1036000 

18 

45.0% 

11/14/96 

14:00:06 

64000 

894400 

958400 

15 

41.6% 

11/14/96 

15:00:06 

32000 

892000 

924000 

13 

40.1% 

11/14/96 

16:00:07 

448000 

892000 

1340000 

20 

58.2% 

11/14/96 

17:00:06 

64000 

892000 

956000 

14 

41.5% 

11/14/96 

18:00:05 

64000 

892000 

956000 

14 

41 .5% 

11/14/96 

19:00:05 

32000 

892000 

924000 

13 

40.1% 

11/14/96 

20:00:05 

32000 

892000 

924000 

13 

40.1% 

11/14/96 

21:00:05 

32000 

892000 

924000 

13 

40.1% 
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Standard 

Date           jTime 

3@768K 

Average 

Voice 

Data 

Total 

Total 

Percent 

Percent 

mm/dd/yy  |hh:mm:ss 

Bandwidth 

Bandwidth 

Bandwidth 

Calls 

Bandwidth  Bandwidth 

Deviation 

11/14/96!     22:00:06 

32000 

892000 

924000 

13 
13 
13 

111 

40.1% 

11/14/96 

23:00:06 
0:00:05 

32000 

892000 

924000 
924000 

40.1%i 
40.1%; 
38.6%j 

37.2%l 

11/15/96 

32000 

892000 

11/15/96;       1:00:06 
11/15/96J      2:00:05 

32000 

856800 

888800 

-° 

856800 

856800 

10 

11/15/96 

3:00:05 
4:00:05 
5:00:06 

0 

856800^ 

856800 

10 

37.2% 

11/15/96 

0 

856800 

856800 

10 

37.2% 

11/15/96 

0 

856800 

856800 

10 

37.2% 

11/1 5/96 1       6:00:38 

32000 

856800 

888800 

11 

38.6% 

■ 

11/15/96!       7:00:07 
1 1/1 5/96  j       8:00:06 

32000 

856800 

888800 

11 

38.6% 

0 

856800 

856800 

10 

37.2% 

1 1/1 5/96  j       9:00:05 

96000 

856800 

952800 

13 

41 .4% 

11/15/96      10:00:05 

0 

1240800 

1240800 

16 

53.9% 

11/15/96      11:00:06 

96000 

856800 

952800 

13 

41 .4%  | 

11/15/961     12:00:06 

0 

856800 

856800 

10 

37.2%i 

11/15/96      13:00:06 

0 

856800 

856800 

10 

37.2%i 

11/15/96i     14:00:05 

0 

856800 

856800 

10 

37.2%! 

11/15/96 

15:00:05 

0 

856800 

856800 

10 

37.2%  J 

11/15/96 

16:00:05 

32000 

856800 

888800 

11 

38.6%! 

11/15/96 

17:00:06 

32000 

856800 

888800 

11 

38.6% 

11/15/96 

18:00:05 

32000 

856800 

888800 

11 

38.6% 

11/15/96 

19:00:05 

0 

856800 

856800 

10 

37.2% 

11/15/96 

20:00:06 

0 

856800 

856800 

10 

37.2% 

11/15/96 

21:00:06 

0 

856800 

856800 

10 

37.2% 

11/15/96 

22:00:06 

0 

856800 

856800 

10 

37.2% 

11/15/96 

23:00:06 

0 

856800 

856800 

10 

37.2% 

11/16/96 

0:00:05 

0 

856800 

856800 

10 

37.2% 

11/16/96 

1 :00:06 

0 

856800 

856800 

10 

37.2% 

11/16/96 

2:00:05 

0 

856800 

856800 

10 

37.2% 

11/16/96 

3:00:07 

0 

856800 

856800 

10 

37.2% 

11/16/96 

4:00:05 

0 

856800 

856800 

10 

37.2% 

11/16/96 

5:00:05 

0 

856800 

856800 

10 

37.2% 

11/16/96 

6:00:06 

0 

856800 

856800 

10 

37.2% 

11/16/96 

7:00:06 

0 

856800 

856800 

10 

37.2% 

11/16/96 

8:00:06 

0 

856800 

856800 

10 

37.2% 

11/16/96 

9:00:05 

0 

856800 

856800 

10 

37.2% 

11/16/96 

10:00:05 

0 

856800 

856800 

10 

37.2% 

11/16/96 

1 1 :00:05 

0 

856800 

856800 

10 

37.2% 

11/16/96 

12:00:06 

0 

856800 

856800 

10 

37.2% 

11/16/96 

13:00:05 

0 

856800 

856800 

10 

37.2% 

11/16/96 

14:00:05 

0 

856800 

856800 

10 

37.2% 

11/16/96 

15:00:05 

0 

856800 

856800 

10 

37.2% 

11/16/96 

16:00:05 

0 

856800 

856800 

10 

37.2% 

11/16/96 

17:00:05 

0 

856800 

856800 

10 

37.2% 

11/16/96 

18:00:06 

0 

856800 

856800 

10 

37.2% 

11/16/96 

19:00:05 

0 

856800 

856800 

10 

37.2% 

11/16/96 

20:00:05 

0 

856800 

856800 

10 

37.2% 
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!              I              | 

3@768K 

!  Average 

Date 

Time 

Voice 

Data 

Total 

Total 

Percent       Percent       Standard 

mm/dd/yy 

hh:mm:ss 

Bandwidth 

Bandwidth 

Bandwidth 

Calls 

Bandwidth  Bandwidth  Deviation 

11/16/96 

21 :00:06 

0 

856800 

856800 

10 

37.2%' 

11/16/96 

22:00:05 

0 

856800 

856800 

10 

37.2% 

11/16/96 

23:00:06 

0 

856800 

856800 

10 

37.2% 

i 

11/17/96 

0:00:05 

0 

856800 

856800 

10 

37.2% 

11/17/96 

1 .00:05 

0 

856800 

856800 

10 

37.2%: 

11/17/96 

2:00:05 

0 

856800 

856800 

10 

37.2%! 

11/17/96 

3:00:06 

0 

856800 

856800 

10 

37.2%i 

11/17/96 

4:00:06 

0 

856800 

856800 

10 

37.2%; 



11/17/96 

5:00:05!                  0 

856800 

856800 

10 

37.2% 

11/17/96 

6:00:05 

0 

856800 

856800 

10 

37.2% 

11/17/96 

7:00:06 

0 

856800 

856800 

10 

37.2% 



11/17/96 

8:00:06 

0 

856800 

856800 

10 

37.2% 

11/17/96 

9:00:05 

0 

856800 

856800 

10 

37.2% 

11/17/96 

10:00:05 

0 

856800 

856800 

10 

37.2% 

11/17/96 

11:00:05 

0 

856800 

856800 

10 

37.2% 

I 

11/17/96 

12:00:05 

0 

856800 

856800 

10 

37.2% 

! 

11/17/96 

13:00:05 

0 

856800 

856800 

10 

37.2% 

11/17/96 

14:00:05 

0 

1126400 

1126400 

20 

48.9% 

11/17/96 

15:00:06 

0 

1126400 

1126400 

20 

48.9% 

11/17/96 

16:00:14|                   0 

1126400 

1126400 

20 

48.9% 

11/17/96 

17:00:05 

0 

1126400 

1126400 

20 

48.9% 

11/17/96 

18:00:05 

0 

1126400 

1126400 

20 

48.9% 

11/17/96 

19:00:05 

0 

1126400 

1126400 

20 

48.9% 

11/17/96 

20:00:06  j                   0 

1126400 

1126400 

20 

48.9% 

11/17/96 

21:00:05 

0 

1126400 

1126400 

20 

48.9% 

11/17/96 

22:00:05 

0 

1126400 

1126400 

20 

48.9% 

11/17/96 

23:00:05 

0 

1126400 

1126400 

20 

48.9% 
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Bandwidth  Utilization  Report 
N1N9 


Date 

Ft  Bragg  to  Hurlburt  1 

_ 

_  _ i     _       . 

1024K 

Data" 

Total           ifotai 

Bandwidth  Calls 

Average 

Time 

Voice 

Percent 

Percent       ]  Standard 

mm/dd/yy 

hh:mm:ss 

Bandwidth 

Bandwidth 

Bandwidth  Bandwidth  I  Deviation 

11/11/96 
'"  11/11/96 

0:00:04 

0 

640800 

640800 

7 
7 

"  7 
7 

7 
7 
7 

62.6%| 

62.9%  i   34328.07 

1:00:04                    0 

640800 
640800 
640800 

640800 
640800' 
640800 
640800 

62.6% 
62.6% 

- - - 

11/11/96 

2:00:05 1                   0 

11/11/96 

3:00:05 

0 

62.6% 

Average       Median 

11/11/96 

4:00:05 

0 

640800 

62.6% 

643948 

640800 

11/11/96 

5:00:05 

0 

640800 

640800 
6408001 
640800 

62.6% 

11/11/96 

6:00:05 

.0 

640800 
640800 

62.6% 

11/11/96 

7:00:05 

0 

62.6% 

11/11/96 

8:00:05 

0 

640800 

640800 

7 

62.6% 

1 

11/11/96 

9:00:04 

0 

640800 

640800 

7 

62.6% 

11/11/96 

10:00:05 

0 

640800 

640800 

7 

62.6% 

1 

11/11/96 

1 1 :00:05 

0 

640800 

640800 

7 

62.6% 

1 

11/11/96 

12:00:05 

0 

640800 

640800 

7 

62.6% 

11/11/96 

13:00:05 

0 

640800 

640800 

7 

62.6% 

11/11/96 

14:00:05 

0 

640800 

640800 

7 

62.6% 

11/11/96 

15:00:05 

0 

640800 

640800 

7 

62.6% 

11/11/96 

16:00:04 

0 

640800 

640800 

7 

62.6% 

11/11/96 

17:00:04 

0 

589600 

589600 

4 

57.6% 

11/11/96 

18:00:05 

0 

589600 

589600 

4 

57.6% 

11/11/96 

19:00:04 

0 

589600 

589600 

4 

57.6% 

11/11/96 

20:00:04 

0 

696800 

696800 

8 

68.0% 

11/11/96 

21 :00:05 

0 

696800 

696800 

8 

68.0% 

11/11/96 

22:00:05 

0 

696800 

696800 

8 

68.0% 

11/11/96 

23:00:05 

0 

696800 

696800 

8 

68.0% 

11/12/96 

0:00:05 

0 

696800 

696800 

8 

68.0% 

11/12/96 

1:00:04 

0 

696800 

696800 

8 

68.0% 

11/12/96 

2:00:05 

0 

696800 

696800 

8 

68.0% 

11/12/96 

3:00:05 

0 

696800 

696800 

8 

68.0% 

11/12/96 

4:00:04 

0 

696800 

696800 

8 

68.0% 

11/12/96 

5:00:05 

0 

696800 

696800 

8 

68.0% 

11/12/96 

6:00:05 

0 

696800 

696800 

8 

68.0% 

11/12/96 

7:00:05 

0 

699200 

699200 

9 

68.3% 

11/12/96 

8:00:05 

0 

699200 

699200 

9 

68.3% 

11/12/96 

9:00:06 

0 

699200 

699200 

9 

68.3% 

11/12/96 

10:00:05 

32000 

643200 

675200 

9 

65.9% 

11/12/96 

11:00:05 

96000 

643200 

739200 

11 

72.2% 

11/12/96 

12:00:05 

0 

640800 

640800 

7 

62.6% 

11/12/96 

13:00:05 

0 

589600 

589600 

4 

57.6% 

11/12/96 

14:00:07 

32000 

589600 

621600 

5 

60.7% 

11/12/96 

15:00:04 

32000 

589600 

621600 

5 

60.7% 

11/12/96 

16:00:05 

0 

589600 

589600 

4 

57.6% 

11/12/96 

17:00:05 

0 

589600 

589600 

4 

57.6% 

11/12/96 

18:00:04 

0 

589600 

589600 

4 

57.6% 

11/12/96 

19:00:05 

0 

589600 

589600 

4 

57.6% 

11/12/96 

20:00:05 

0 

589600 

589600 

4 

57.6% 

11/12/96 

21:00:04 

0 

589600 

589600 

4 

57.6% 

11/12/96 

22:00:05 

0 

589600 

589600 

4 

57.6% 
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Bandwidth  Utilization  Report 
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Ft  Bragg  to  Hurlburt  1 

Total 
Calls 

4 
4 
4 
4 
4 

4 

4 

4 

:    :i 

......      JL 

7 

I 



Date 

Time 

1024K 

Average 
Percent       Percent 

Voice 

Data 

Total 

Standard 
Deviation 

mm/dd/yy 

hh:mm:ss 

Bandwidth 

Bandwidth 

Bandwidth 

Bandwidth] 

57.6% 

Bandwidth 

11/12/96 

23:00:05 

0 

589600 

589600 
589600 
~"    589600 
589600 
589600 
589600 
589600j 
589600 

-     —  -  - 

11/13/96 

0:00:05 

0 

589600 
589600 
589600 
589600I 

57.6%x 

11/13/96 

1 :00:04 

0 

57.6% 
57.6%  i 
57.6%  ] 
57.6%] 
57.6%; 
57. 6% : 
"   62.6%| 
62.6%; 

11/13/96 

2:00:05 

0 
0 

11/13/96 

3:00:05 

11/13/96 

4:00:04 

0 

589600J 

11/13/96 

5:00:05 

0 

589600, 

11/13/96 

6:00:05 

0|         589600 

11/13/96 

7:00:05 

0         640800 

640800 

11/13/96 

8:00:05 

0 

640800 

640800 

11/13/96 

9:00:04 

0         640800 

640800 

62.6%^ 

I 

i     .      . . 

11/13/96 

10:00:05 

0 

640800 

640800 

7 

62.6%^ 

i 

11/13/96 

1 1 :00:05 

32000 

640800 

672800 

8 

65.7% 
72.0% 

. 

11/13/96 

12:00:04 

96000 

640800 

736800 

10 

11/13/96 

13:00:05 

0 

640800 

640800 

7 

62.6% 



11/13/96 

14:00:05 

0 

640800 

640800 

7 

62.6% 

11/13/96 

15:00:05 

32000 

640800 

672800 

8 

65.7% 

11/13/96 

16:00:05 

32000 

643200 

675200 

9 

65.9% 

11/13/96 

17:00:05 

0 

643200 

643200 

8 

62.8% 

11/13/96 

18:00:05 

0 

640800 

640800 

7 

62.6% 

11/13/96 

19:00:04 

0 

640800 

640800 

7 

62.6% 

11/13/96 

20:00:05 

0 

640800 

640800 

7 

62.6% 

11/13/96 

21:00:05 

0 

640800 

640800 

7 

62.6% 

11/13/96 

22:00:04 

0 

640800 

640800 

7 

62.6% 

11/13/96 

23:00:05 

0 

640800 

640800 

7 

62.6% 

11/14/96 

0:00:05 

0 

640800 

640800 

7 

62.6% 

11/14/96 

1 :00:05 

0 

640800 

640800 

7 

62.6% 

11/14/96 

2:00:05 

0 

640800 

640800 

7 

62.6% 

11/14/96 

3:00:05 

0 

640800 

640800 

7 

62.6% 

11/14/96 

4:00:05 

0 

640800 

640800 

7 

62.6% 

11/14/96 

5:00:06 

0 

640800 

640800 

7 

62.6% 

11/14/96 

6:00:04 

0 

640800 

640800 

7 

62.6% 

11/14/96 

7:00:04 

0 

640800 

640800 

7 

62.6% 

11/14/96 

8:00:05 

0 

643200 

643200 

8 

62.8% 

11/14/96 

9:09:21 

64000 

643200 

707200 

10 

69.1% 

11/14/96 

10:00:05 

32000 

643200 

675200 

9 

65.9% 

11/14/96 

1 1 :00:05 

64000 

512000 

576000 

3 

56.3% 

11/14/96 

12:00:05 

64000 

512000 

576000 

3 

56.3% 

11/14/96 

13:00:05 

0 

528000 

528000 

2 

51.6% 

11/14/96 

14:00:05 

32000 

605600 

637600 

6 

62.3% 

11/14/96 

15:00:05 

32000 

608000 

640000 

7 

62.5% 

11/14/96 

16:00:05 

64000 

608000 

672000 

8 

65.6% 

11/14/96 

17:00:05 

0 

608000 

608000 

6 

59.4% 

11/14/96 

18:00:05 

0 

605600 

605600 

5 

59.1% 

11/14/96 

19:00:04 

0 

605600 

605600 

5 

59.1% 

11/14/96 

20:00:04 

0 

605600 

605600 

5 

59.1% 

11/14/96 

21 :00:04 

0 

605600 

605600 

5 

59.1% 

77 
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Ft  Bragg  to  Hurlburt  1 

J 

Standard 

1024K 

total' 

total 
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APPENDIX  B.     NETWORK  MANAGEMENT  DEFINITIONS 


There  are  many  sub-definitions  for  some  of  the  following  terms.  The  author  has  attempted  to 
use  the  most  relevant  definition  to  the  subject  matter  in  the  thesis. 

Agent 

Software  running  on  a  network  device  or  computer  system  which  collects  and  makes  available 
MIB  variables 

Application  Program  Interface  (API) 

A  term  for  the  interface  by  which  an  application  program  gains  access  to  an  NMS  (or  other 
software  service),  usually  defined  at  the  source  code  level.  An  example  is  the  JAVA 
Management  API  (MAPI). 

Abstract  Syntax  Notation  One  (ASN.l) 

The  OSI  language  for  describing  abstract  entities  by  using  macros  that  build  on  simpler  entities. 
The  primary  advantage  of  this  syntax  is  that  it  is  not  dependent  upon  the  underlying  hardware. 


Asynchronous  Transfer  Mode  (ATM) 

A  high  speed  connection  oriented  switching  and  multiplexing  technology  that  uses  53  byte  cells 
(5  byte  header,  48  byte  payload)  to  transmit  different  types  of  traffic  simultaneously,  including 
voice,  video  and  data.  It  is  asynchronous  in  that  information  streams  can  be  sent  independently 
without  a  common  clock. 

Autodiscovery 

The  process  of  automatically  locating  obj  ects  on  the  network.  Some  autodiscovery  algorithms 
also  determine  and  save  the  network  topology.  Usually  access  is  limited  to  "community 
strings"  which  only  allow  operation  within  a  named  network  section. 

Binary  8  Zero  Substitution  (B8ZS) 

A  technique  that  accommodates  the  ones-density  requirement  of  digital  public  transmission 
facilities,  without  inducing  bit  errors. 
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Bandwidth 

The  amount  of  traffic  capacity  the  transmission  media  can  support  at  one  time.  Applications 
are  increasingly  requiring  more  and  more  bandwidth. 

Client/Server 

An  architecture  for  network  services  in  which  a  central  processor  (the  server)  runs  programs 
that  provide  file  storage,  database  management  and  access  to  shared  resources,  while  a  number 
of  remote  users  run  "client"  software  designed  to  access  and  share  these  resources.  In  network 
management  terms,  the  server  would  service  clients  within  a  sphere  of  responsibility  with  those 
management  tasks  and  functions  relevant  to  its  operation. 

Common  Management  Information  Protocol  (CMIP) 

Common  Management  Information  Protocol,  an  application  level  protocol,  specified  by  OSI, 
for  network  management. 

Customer  Network  Management  (CNM) 

Customer  Network  Management,  this  provides  (business)  customers  with  access  to  management 
information  in  the  public  network  management  system.  This  management  information  relates 
to  services  provided  to  the  customer  by  the  service  provider. 

Dynamic  Host  Configuration  Protocol  (DHCP) 

Dynamic  Host  Configuration  Protocol.  Used  to  dynamically  assign  IP  addresses. 


Element  Management  System  (EMS) 

An  EMS  manages  a  specific  portion  of  the  network.  For  example  with  a  SunNet  Manager,  an 
SNMP  management  application,  is  used  to  manage  SNMP  manageable  elements.  Element 
Managers  may  manage  async  lines,  multiplexers,  PABX's,  proprietary  systems  or  an 
application. 

Fault  Management 

Fault  management  is  the  detection  of  a  problem,  fault  isolation  and  correction  to  normal 
operation. 


90 


Integrated  Services  Digital  Network  (ISDN) 

-  A  switched  digital  transmission  service  provided  by  a  local  telco's  switching  office.  Uses  same 
copper  as  analog  service  so  is  practical  for  home,  small  office,  school  applications.  Available 
in  BRI  (2  64Kb  data  channels  1  signaling  channel)  or  PRI  (23  bearer(data/voice)  channels  1 
signaling  channel) 

Internet  Protocol  (IP) 

A  layer  3  protocol,  part  of  the  TCP/IP  protocol  suite  that  governs  packet  forwarding  between 
LAN's  or  LAN  segments. 

Jabber 

A  blanket  term  for  a  device  that  is  behaving  improperly  in  terms  of  electrical  signaling  on  a 
network.  In  ethernet  this  is  Very  Bad,  because  ethernet  uses  electrical  signal  levels  to  determine 
whether  the  network  is  available  for  transmission.  A  jabbering  device  can  cause  the  entire 
network  to  halt  because  all  other  devices  think  it  is  busy.  Without  protocol  and  application 
monitoring  this  problem  may  not  be  detected. 


Local  Area  Network  (LAN) 

A  data-communicatiorjs  system  that  operates  within  a  building  or  "campus".  This  meaning  has 
been  somewhat  diluted  due  to  extensions  of  LAN  range.  A  LAN  can  serve  a  base  and  still  be 
referred  to  as  a  LAN  rather  than  a  WAN. 

Managed  Objects 

Managed  Objects  are  the  devices,  systems  and/or  anything  else,  e.g.,  protocols  or  applications 
requiring  some  form  of  monitoring  and  management. 

Management  Information  Base  (MIB) 

The  objects  that  are  available  in  a  managed  system.  The  information  is  represented  in  Abstract 
Syntax  Notation  1  (ASN.l) 

MIB  Browser 

A  software  tool  that  can  be  used  to  display  arbitrary  MEB  variables  obtained  from  an  SNMP 
agent,  allowing  the  user  to  browse  through  all  the  information  provided  about  the  device  or 
service  supported  by  the  agent. 
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Open  Systems  Foundation  (OSF) 

A  foundation  created  by  nine  computer  vendors  to  promote  Open  Computing.  It  is  planned  that 
common  operating  systems  and  interfaces,  based  on  developments  in  Unix,  the  X  Windows 
System,  etc.  will  be  forthcoming  for  a  wide  range  of  different  hardware  architectures. 

Open  Systems  Interconnection  (OSI) 

A  top-level  model  of  network  architecture  that  specified  seven  functional  layers.  (Applications 
using  modem  programming  often  bypasses  these  artificial  layers  and  lets  high  level  appli cations 
perform  functions  that  were  reserved  for  lower  level  functionality.) 

Request  For  Comment  (RFC) 

The  realization  that  standards  in  the  computer  industry  change  very  quickly  has  resulted  in  a 
defacto  publishing  of  RFC's  to  allow  computer  industry  providers  the  ability  to  try  and  shape 
a  moving  target  of  standardization  by  publishing  and  commenting  on  the  proposed  rules. 
Usually  obsolete  by  the  time  the  RFC  is  widely  read  and  initially  adhered  to  by  the  group. 

Simple  Network  Management  Protocol  (SNMP) 

An  application  layer  protocol  that  allows  remote  management  of  networked  devices.  A  defacto 
standard  for  setting  and  monitoring  network  configuration  parameters.  Currently  the  version 
is  SNMPv2  and  work  is  proceeding  on  a  subsequent  improvement. 

TRAP 

A  trap  is  an  unsolicited  (device  initiated)  message.  The  contents  of  the  message  might  be 
simply  informational,  but  it  is  mostly  used  to  report  real-time  alarm  information. 

Virtual  Private  Network  (VPN) 

The  use  of  a  public  network  such  as  the  Internet  in  place  of  private  lines  to  transport  internal 
corporate  data  such  as  intranet  documents,  groupware  communications  and  email. 


Wide  Area  Network  (WAN) 

A  public  or  private  communications  system  serving  geographically  separate  areas. 
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APPENDIX  D.    HYPER-TEXT  LINKS  TO  NMS/METRIC  SITES 

One  of  the  fundamental  aspects  of  HTTP  links  is  that  they  are  dynamic.  Their 
addresses,  content  and  appearances  change  as  often  as  they  are  updated.  Any  researcher, 
network  engineer  using  them  should  recognize  the  necessity  to  monitor  changes  and  updates. 
This  collection  while  current  at  the  time  of  writing  will  change.  Not  all  of  these  are  easily 
found  in  search  engines  on  the  web  and  represent  many  cross  searches  and  browsing  hours.  It 
is  hoped  that  this  "starting  point"  will  save  valuable  time  for  network  engineers  and 
administrators.  The  sites  are  divided  into  military,  industry  and  university  groups. 

A.         MILITARY: 

AETC  NMS  Server. 

The  USAF  Air  Education  Training  Command  Base  Network  Control  Center  Information 

Services 

http://www.aetc.af.mil/AETC-NetMgmt/nms-mainmenu.html 


B.  INDUSTRY: 

Network  Management  Server  (NMS) 

This  server  functions  as  the  archive  base  for  Network  Management  Systems.    It  is  a  good 

starting  point  for  research. 

http://netman.cit.buffalo.edu/index.html 

Network  Management  Forum 

The   Network   Management  Forum   exists  to  promote  the  worldwide   acceptance  and 
implementation  of  a  service-based  approach  to  network  and  systems  management  that  crosses 
the  boundaries  of  the  telecommunications  and  computing  industries. 
http://www/nmf.org/ 

Management  Information  (European  -  Micromuse). 

A  good  European  Network  Management  resource 
http://www.micromuse.com/netman/ 
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C.         UNIVERSITIES: 


University  of  Braunschweig  (Germany) 
http://tu-bs.de/ibr/projects/nm/welcome.html 

University  of  Delft  (Netherlands) 
http://dnpap.et.tudelft.nl/DNPAP/dnpap.html 

University  of  Kansas  NTS  Network  Management  Homepage 

Features  real  time  network  utilization  statistics,  subnet  tables,  and  router  arp  tables  for  many 
of  the  educational  institutions  in  Kansas. 
http://  www.uks.edu/NMS/initial.html 

Ohio  State  University 

This  site  in  addition  to  giving  links  to  the  Ohio  State  NMS  gives  a  FAQ  on  SNMP  that  is  good 
for  network  engineers. 
http://www.cis.ohio-state.edi/htpertext/faq/usenet/snmp-faq/partl/faq.html 

Stanford  Linear  Accelerator  Center  (SLAC)  at  Stanford 
SLAC  Network  Management  Team 
http://www.slac.stanford.edu/comp/net/quick-guide.html 


University  of  Twente  (Netherlands) 

Publishes  The  Simple  Web,  e-zine  with  focus  on  Internet  management 
http://snmp.cs.utwente.nl/ 

Yale 

Distributed  Management  System  (DMS) 
http://pantheon.cis.yale.edu/~Kmyles/AS-dms.html 
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